GMER result, what now? (Windows 7)
16.09.2010, 22:12 | #1

GMER result, what now?

Hello, as a newbie I unfortunately have no idea. I ran GMER; here is the result under Rootkit/Malware. What do I have to do? THX @ all

GMER logfile:

```
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-16 22:59:45
Windows 6.1.7600
Running: 0t92vrc6.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\kxlyipoc.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83004634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83004898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8301D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8307C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830A0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9EAC9C9D 28 Bytes [DE, AF, 63, D8, F0, F5, 4F, ...]
.text peauth.sys 9EAC9CC1 28 Bytes [DE, AF, 63, D8, F0, F5, 4F, ...]
PAGE peauth.sys 9EACFB9B 72 Bytes [0E, 60, CE, 31, 3E, 48, C8, ...]
PAGE peauth.sys 9EACFBEC 111 Bytes [67, 08, A4, B8, 86, 2B, 53, ...]
PAGE peauth.sys 9EACFE20 101 Bytes [E6, CC, 1B, 15, 8A, 26, C8, ...]
PAGE ...
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl section is writeable [0x9EC89000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in ".vmp2" section [0x9ECAC050]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75CF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75CF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75CF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75CF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A22494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74A05624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74A056E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A2250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74A18573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74A14D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74A150CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74A151A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74A166D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74A182CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74A18819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74A1907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A1E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74A14C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[2404] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75CF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75CF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75CF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75CF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources MSDMine?DfSdk

---- EOF - GMER 1.0.15 ----
```
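A small parser for the IAT and AttachedDevice records of a GMER log, added here as an example and not part of the thread: it groups hooks by the module they resolve into and lists the entries whose vendor is not Microsoft, which is where a helper reading a log like the one above would start. The sample records are constructed from the log above (with a shortened WinSxS path), and the regular expressions are my reading of GMER's output format, not a specification published by GMER.

```python
import re

# Constructed sample modelled on the GMER 1.0.15 records in the log above
# (three IAT hooks, two attached devices); the WinSxS path is shortened.
SAMPLE_LOG = r"""
---- User IAT/EAT - GMER 1.0.15 ----
IAT  C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75CF5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2404] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT  C:\Windows\Explorer.EXE[2404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A22494] C:\Windows\WinSxS\gdiplus_CONSTRUCTED\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
"""

# IAT record: hooked process, import-table owner, imported symbol, hook address,
# the module the hook resolves into, then GMER's "(description/vendor)" suffix.
IAT_RE = re.compile(
    r"^IAT\s+(?P<process>.+?\[\d+\])\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<import>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<target>.+?)\s+\((?P<desc>[^/()]*)/(?P<vendor>[^)]*)\)\s*$"
)
# AttachedDevice record: driver, device object, attached filter driver, same suffix.
DEV_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<target>\S+)\s+"
    r"\((?P<desc>[^/()]*)/(?P<vendor>[^)]*)\)\s*$"
)
MS_VENDOR = "Microsoft Corporation"

def parse_gmer(text):
    """Return the IAT and AttachedDevice records of a GMER log as dicts."""
    records = []
    for line in text.splitlines():
        for kind, rx in (("IAT", IAT_RE), ("AttachedDevice", DEV_RE)):
            m = rx.match(line)
            if m:
                records.append({"kind": kind, **m.groupdict()})
                break
    return records

def triage(records):
    """Group records by (target module, vendor) and list the non-Microsoft keys.
    Third-party hooks (here the Acer/Egis DLL) are common and no proof of
    malware, but they are the entries a reviewer checks first."""
    by_module = {}
    for r in records:
        by_module.setdefault((r["target"], r["vendor"]), []).append(r)
    review = [key for key in by_module if key[1] != MS_VENDOR]
    return by_module, review

if __name__ == "__main__":
    print(triage(parse_gmer(SAMPLE_LOG))[1])
```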
17.09.2010, 07:00 | #2

GMER result, what now?

Hi,

uh, yes. Why are you running GMER? What is the reason? Please describe your problem, which system you have, etc...

Malwarebytes Anti-Malware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version via this link: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Check for updates").
Run a full scan and let it clean everything! Post the log.

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop

chris