Pests of all kinds and their removal: RKIT/Agent.biiu - Another affected user (Windows 7). If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#11
RKIT/Agent.biiu - Another affected user

It worked this time, so here is the GMER log as well: at the end of the scan an error message came up saying that GMER had found rootkit activity.

Regards

GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-19 15:38:47
Windows 6.0.6001 Service Pack 1
Running: f0ru5eo5.exe; Driver: C:\Users\SCHNEI~1\AppData\Local\Temp\uxlciuob.sys

---- System - GMER 1.0.15 ----

SSDT 9C1F01B4 ZwCreateThread
SSDT 9C1F01A0 ZwOpenProcess
SSDT 9C1F01A5 ZwOpenThread
SSDT 9C1F01AF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 411 82082A58 4 Bytes [B4, 01, 1F, 9C] {MOV AH, 0x1; POP DS; PUSHF }
.text ntoskrnl.exe!KeInsertQueue + 5E1 82082C28 4 Bytes [A0, 01, 1F, 9C]
.text ntoskrnl.exe!KeInsertQueue + 5FD 82082C44 4 Bytes [A5, 01, 1F, 9C] {MOVSD ; ADD [EDI], EBX; PUSHF }
.text ntoskrnl.exe!KeInsertQueue + 811 82082E58 4 Bytes [AF, 01, 1F, 9C] {SCASD ; ADD [EDI], EBX; PUSHF }
? System32\Drivers\ibwkdj.sys A device attached to the system is not functioning.
! .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E801340, 0x3EE687, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86D347D8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\usbscan \Device\Usbscan0 8E39E184
Device \Driver\USBSTOR \Device\00000076 8E3B1B40
Device \Driver\USBSTOR \Device\00000078 8E3B1B40
Device \Driver\WUDFRd \Device\UMDFCtrlDev-c74044b3-c3ec-11df-9f08-001377b62ecb 8E3B6F7E

---- Processes - GMER 1.0.15 ----

Process (*** hidden *** ) -2112854952
Process (*** hidden *** ) -2073560912
Process (*** hidden *** ) -2073549304
Process (*** hidden *** ) -2064906512
Process (*** hidden *** ) -2063997408
Process (*** hidden *** ) -2063854576
Process (*** hidden *** ) -2063768208
Process (*** hidden *** ) -2063204864
Process (*** hidden *** ) -2062749512
Process (*** hidden *** ) -2062333944
Process (*** hidden *** ) -2061834904
Process (*** hidden *** ) -2061796912
Process (*** hidden *** ) -2061787816
Process (*** hidden *** ) -2061786096
Process (*** hidden *** ) -2061709992
Process (*** hidden *** ) -2061599232
Process (*** hidden *** ) -2061544600
Process (*** hidden *** ) -2061532480
Process (*** hidden *** ) -2061505024
Process (*** hidden *** ) -2021016064
Process (*** hidden *** ) -2019524424
Process (*** hidden *** ) -2018703216
Process (*** hidden *** ) -2013378720
Process (*** hidden *** ) -2012941432
Process (*** hidden *** ) -2012643840
Process (*** hidden *** ) -2012529432
Process (*** hidden *** ) -2012495688
Process (*** hidden *** ) -2012403272
Process (*** hidden *** ) -2012340040
Process (*** hidden *** ) -2012279296
Process (*** hidden *** ) -2012240416
Process (*** hidden *** ) -2012230488
Process (*** hidden *** ) -2011955880
Process (*** hidden *** ) -2011745624
Process (*** hidden *** ) -2011572600
Process (*** hidden *** ) -2011555472
Process (*** hidden *** ) -2011547920
Process (*** hidden *** ) -2011374584
Process (*** hidden *** ) -2011263888
Process (*** hidden *** ) -2010272648
Process (*** hidden *** ) -2010097240
Process (*** hidden *** ) -2010072104
Process (*** hidden *** ) -2010065720
Process (*** hidden *** ) -2010040136
Process (*** hidden *** ) -2009839104
Process (*** hidden *** ) -2009824304
Process (*** hidden *** ) -2009809824
Process (*** hidden *** ) -2009808712
Process (*** hidden *** ) -2009807216
Process (*** hidden *** ) -2009806520
Process (*** hidden *** ) -2009786920
Process (*** hidden *** ) -2009608704
Process (*** hidden *** ) -2009186120
Process (*** hidden *** ) -2009063936
Process (*** hidden *** ) -2009050952
Process (*** hidden *** ) -2008733864
Process (*** hidden *** ) -2008410312
Process (*** hidden *** ) -2008334152
Process (*** hidden *** ) -2008226240
Process (*** hidden *** ) -2008177784
Process (*** hidden *** ) -2008172128
Process (*** hidden *** ) -2008170312
Process (*** hidden *** ) -2008146432
Process (*** hidden *** ) -2007930632
Process (*** hidden *** ) -2007866464
Process (*** hidden *** ) -2007771720
Process (*** hidden *** ) -2007766320
Process (*** hidden *** ) -2007750440
Process (*** hidden *** ) -2007666504
Process (*** hidden *** ) -2007222128
Process (*** hidden *** ) -2007197984
Process (*** hidden *** ) -2007084872
Process (*** hidden *** ) -2006863688
Process (*** hidden *** ) -2006726424
Process (*** hidden *** ) -2006691656
Process (*** hidden *** ) -2006456344
Process (*** hidden *** ) -2006384456
Process (*** hidden *** ) -2006370664
Process (*** hidden *** ) -2006363976
Process (*** hidden *** ) -2006355784
Process (*** hidden *** ) -2006157296
Process (*** hidden *** ) -2006154232
Process (*** hidden *** ) -2006136712
Process (*** hidden *** ) -2006123008
Process (*** hidden *** ) -2006112656
Process (*** hidden *** ) -2006068088
Process (*** hidden *** ) -2005897728
Process (*** hidden *** ) -2005890232
Process (*** hidden *** ) -2005675080
Process (*** hidden *** ) -2005645552
Process (*** hidden *** ) -2005644856
Process (*** hidden *** ) -2005574144
Process (*** hidden *** ) -2005562552
Process (*** hidden *** ) -2004448176
Process (*** hidden *** ) -2004284512
Process (*** hidden *** ) -2004265096
Process (*** hidden *** ) -1983102264

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] ibwkdj <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fa0371
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fc199b
Reg HKLM\SYSTEM\CurrentControlSet\Services\ibwkdj@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ibwkdj@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ibwkdj@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ibwkdj@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\ibwkdj@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\ibwkdj@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\ibwkdj@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\ibwkdj@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\ibwkdj@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\ibwkdj@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\ibwkdj@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\ibwkdj@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\ibwkdj@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\ibwkdj@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\ibwkdj@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\ibwkdj@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001fe1fa0371 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001fe1fc199b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\ibwkdj@Type 1
Reg HKLM\SYSTEM\ControlSet005\Services\ibwkdj@Start 0
Reg HKLM\SYSTEM\ControlSet005\Services\ibwkdj@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet005\Services\ibwkdj@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----
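The log in the post above carries the textbook signature of a kernel-mode rootkit: four SSDT entries (ZwCreateThread, ZwOpenProcess, ZwOpenThread, ZwTerminateProcess) redirected to 9C1F01xx addresses, the matching 4-byte slots in ntoskrnl's table rewritten to exactly those addresses (the byte dumps [B4, 01, 1F, 9C] and so on are the same pointers in little-endian order), a long list of processes that only GMER's cross-view enumeration can see, and a hidden service "ibwkdj" registered with Start=0 in the "Boot Bus Extender" group across every control set, so it loads before any file-system filter. The following triage script is an added example and is not part of the original post or of GMER itself; it parses the line formats GMER 1.0.15 uses (as seen above, which is an assumption for other versions) and cross-checks those indicators. The sample log is a trimmed excerpt of the posted one, constructed here for the example.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER's own code).

Parses the plain-text sections GMER writes (SSDT, kernel code sections, processes,
services, registry) and correlates the indicators that point at a kernel rootkit.
The line formats are those of GMER 1.0.15 as seen in the thread; other versions
may differ (assumption).
"""
import re
import struct
from collections import defaultdict

# Constructed test input: an excerpt of the log posted in the thread, trimmed to
# a few lines per section (the real hidden-process list is far longer).
SAMPLE_LOG = """\
GMER 1.0.15.15281 - hxxp://www.gmer.net
---- System - GMER 1.0.15 ----
SSDT 9C1F01B4 ZwCreateThread
SSDT 9C1F01A0 ZwOpenProcess
SSDT 9C1F01A5 ZwOpenThread
SSDT 9C1F01AF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!KeInsertQueue + 411 82082A58 4 Bytes [B4, 01, 1F, 9C] {MOV AH, 0x1; POP DS; PUSHF }
.text ntoskrnl.exe!KeInsertQueue + 5E1 82082C28 4 Bytes [A0, 01, 1F, 9C]
.text ntoskrnl.exe!KeInsertQueue + 5FD 82082C44 4 Bytes [A5, 01, 1F, 9C] {MOVSD ; ADD [EDI], EBX; PUSHF }
.text ntoskrnl.exe!KeInsertQueue + 811 82082E58 4 Bytes [AF, 01, 1F, 9C] {SCASD ; ADD [EDI], EBX; PUSHF }
? System32\\Drivers\\ibwkdj.sys A device attached to the system is not functioning.
---- Processes - GMER 1.0.15 ----
Process (*** hidden *** ) -2112854952
Process (*** hidden *** ) -2073560912
Process (*** hidden *** ) -1983102264
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] ibwkdj <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\001fe1fa0371
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\ibwkdj@Type 1
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\ibwkdj@Start 0
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\ibwkdj@ErrorControl 0
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\ibwkdj@Group Boot Bus Extender
Reg HKLM\\SYSTEM\\ControlSet002\\Services\\ibwkdj@Start 0
---- EOF - GMER 1.0.15 ----
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)")
PATCH_RE = re.compile(r"^\.text\s+(.+?)\s+([0-9A-Fa-f]{8})\s+4 Bytes \[([0-9A-Fa-f, ]+)\]")
HIDDEN_PROC_RE = re.compile(r"^Process \(\*\*\* hidden \*\*\* \)\s+(-?\d+)")
HIDDEN_SVC_RE = re.compile(r"^Service \(\*\*\* hidden \*\*\* \)\s+\[(\w+)\]\s+(\S+)")
UNREADABLE_RE = re.compile(r"^\?\s+(\S+\.sys)\s*(.*)$")
REG_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(\w+)\\Services\\([^\\@\s]+)@(\w+)\s+(.*)$")


def parse_gmer(text):
    """Return the rootkit-relevant facts from a GMER log as a dict."""
    f = {
        "ssdt_hooks": {},          # syscall name -> address the SSDT slot now points to
        "patched_entries": [],     # (location, slot address, pointer stored in the slot)
        "hidden_processes": [],    # EPROCESS values as GMER prints them (signed ints)
        "hidden_services": [],     # (start class, service name)
        "unreadable_drivers": [],  # (image path, error text)
        "services": defaultdict(lambda: defaultdict(dict)),  # name -> control set -> values
    }
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            f["ssdt_hooks"][m.group(2)] = int(m.group(1), 16)
        elif m := PATCH_RE.match(line):
            slot_bytes = bytes(int(b, 16) for b in m.group(3).split(","))
            pointer = struct.unpack("<I", slot_bytes)[0]  # x86 table slots are little-endian
            f["patched_entries"].append((m.group(1), int(m.group(2), 16), pointer))
        elif m := HIDDEN_PROC_RE.match(line):
            f["hidden_processes"].append(int(m.group(1)))
        elif m := HIDDEN_SVC_RE.match(line):
            f["hidden_services"].append((m.group(1), m.group(2)))
        elif m := UNREADABLE_RE.match(line):
            f["unreadable_drivers"].append((m.group(1), m.group(2)))
        elif m := REG_RE.match(line):
            control_set, name, value, data = m.groups()
            f["services"][name][control_set][value] = data
    return f


def triage(f):
    """Turn parsed facts into alerts, cross-checking the sections against each other."""
    alerts = []
    hooks = f["ssdt_hooks"]
    if hooks:
        alerts.append("SSDT hooked: " + ", ".join(f"{n}->{a:08X}" for n, a in sorted(hooks.items())))
    # A patched 4-byte slot that decodes to a reported hook address proves the SSDT
    # was overwritten in place (not merely shadowed) and ties the slot to a syscall.
    by_addr = {a: n for n, a in hooks.items()}
    for location, slot, pointer in f["patched_entries"]:
        if pointer in by_addr:
            alerts.append(f"{location} (slot {slot:08X}) now holds {pointer:08X} = {by_addr[pointer]} hook")
    if f["hidden_processes"]:
        alerts.append(f"{len(f['hidden_processes'])} process(es) hidden from normal enumeration")
    for start_class, name in f["hidden_services"]:
        cfg = f["services"].get(name, {}).get("CurrentControlSet", {})
        notes = []
        if cfg.get("Type") == "1":
            notes.append("Type=1 (kernel driver)")
        if cfg.get("Start") == "0":
            notes.append("Start=0 (boot start, loaded by the OS loader before kernel init)")
        if cfg.get("Group") == "Boot Bus Extender":
            notes.append("Group=Boot Bus Extender (first load-order group, ahead of file-system filters)")
        if control_sets := sorted(f["services"].get(name, {})):
            notes.append("registered in " + ", ".join(control_sets))
        alerts.append(f"hidden [{start_class}] service '{name}': " + ("; ".join(notes) or "no registry values seen"))
    for path, error in f["unreadable_drivers"]:
        alerts.append(f"driver image {path} could not be read ({error.strip() or 'no error text'})")
    return alerts


if __name__ == "__main__":
    for alert in triage(parse_gmer(SAMPLE_LOG)):
        print("*", alert)
```

Run against the full log from the post, the script reports the four hooked syscalls, matches each of the four patched ntoskrnl slots to its hook, counts the hidden processes, and shows ibwkdj registered as a boot-start kernel driver in all five control sets, which is why the rootkit survives "Last Known Good" and why removal has to happen from outside the running system (offline scan or recovery environment) rather than by deleting the service while the hooks are active.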