Trojaner-Board


Oligitim 03.02.2013 15:05

Rootkit infection

Hello,

I have a laptop running Windows 7 with the Norton suite as its security software, which has not issued any warning.
A scan with Malwarebytes found nothing, but a GMER scan issued a warning and RootkitBuster found two suspicious entries (see the log).

Am I infected, and what should be done?

Regards and thanks in advance

Oligitim

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1061
| Computer Name: xxxxxxxxxxxx
| OS version: 6.1-7601
| User Name: xxxxxxxxxxxxxxxxx
+-----------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556c9a405
SubKey : 002556c9a405
FullLength: 89
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo
Root : 738b0ac
SubKey : Teredo
ValueName : Collection
Data : D4 FC 1 0 D8 D 1 0
ValueType : 3
AccessType: 0
FullLength: 90
DataSize : 8
2 hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwAlertResumeThread
Image Path :
OriginalHandler : 0x832e1c99
CurrentHandler : 0x8773b680
ServiceNumber : 0xd
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlertThread
Image Path :
OriginalHandler : 0x83234be0
CurrentHandler : 0x8773b760
ServiceNumber : 0xe
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAllocateVirtualMemory
Image Path :
OriginalHandler : 0x8322dbec
CurrentHandler : 0x8773a128
ServiceNumber : 0x13
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAlpcConnectPort
Image Path :
OriginalHandler : 0x8327944e
CurrentHandler : 0x8768c288
ServiceNumber : 0x16
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAssignProcessToJobObject
Image Path :
OriginalHandler : 0x83202fee
CurrentHandler : 0x87820e48
ServiceNumber : 0x2b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateMutant
Image Path :
OriginalHandler : 0x832142b2
CurrentHandler : 0x8773b3d0
ServiceNumber : 0x4a
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSymbolicLinkObject
Image Path :
OriginalHandler : 0x83205911
CurrentHandler : 0x87820b68
ServiceNumber : 0x56
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThread
Image Path :
OriginalHandler : 0x832dfeca
CurrentHandler : 0x8773a630
ServiceNumber : 0x57
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThreadEx
Image Path :
OriginalHandler : 0x8327436b
CurrentHandler : 0x87820c58
ServiceNumber : 0x58
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDebugActiveProcess
Image Path :
OriginalHandler : 0x832b1d9a
CurrentHandler : 0x87820f28
ServiceNumber : 0x60
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDuplicateObject
Image Path :
OriginalHandler : 0x8323567a
CurrentHandler : 0x8773a2f8
ServiceNumber : 0x6f
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwFreeVirtualMemory
Image Path :
OriginalHandler : 0x830bbaec
CurrentHandler : 0x8773be90
ServiceNumber : 0x83
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwImpersonateAnonymousToken
Image Path :
OriginalHandler : 0x831f98e0
CurrentHandler : 0x8773b4c0
ServiceNumber : 0x91
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwImpersonateThread
Image Path :
OriginalHandler : 0x8327d84c
CurrentHandler : 0x8773b5a0
ServiceNumber : 0x93
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwLoadDriver
Image Path :
OriginalHandler : 0x831c9c20
CurrentHandler : 0x87688ba0
ServiceNumber : 0x9b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwMapViewOfSection
Image Path :
OriginalHandler : 0x8324a532
CurrentHandler : 0x8773bd90
ServiceNumber : 0xa8
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenEvent
Image Path :
OriginalHandler : 0x83213cae
CurrentHandler : 0x8773b2f0
ServiceNumber : 0xb1
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path :
OriginalHandler : 0x83215af8
CurrentHandler : 0x8773a4d8
ServiceNumber : 0xbe
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcessToken
Image Path :
OriginalHandler : 0x8326823f
CurrentHandler : 0x8773a218
ServiceNumber : 0xbf
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSection
Image Path :
OriginalHandler : 0x8326d8bb
CurrentHandler : 0x8773b130
ServiceNumber : 0xc2
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenThread
Image Path :
OriginalHandler : 0x83261fc3
CurrentHandler : 0x8773a3e8
ServiceNumber : 0xc6
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwProtectVirtualMemory
Image Path :
OriginalHandler : 0x832465a1
CurrentHandler : 0x87820d58
ServiceNumber : 0xd7
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwResumeThread
Image Path :
OriginalHandler : 0x83274592
CurrentHandler : 0x8773b840
ServiceNumber : 0x130
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetContextThread
Image Path :
OriginalHandler : 0x832e1745
CurrentHandler : 0x8773bae0
ServiceNumber : 0x13c
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetInformationProcess
Image Path :
OriginalHandler : 0x8323c78d
CurrentHandler : 0x8773bbc0
ServiceNumber : 0x14d
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSystemInformation
Image Path :
OriginalHandler : 0x8325229a
CurrentHandler : 0x8773b028
ServiceNumber : 0x15e
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSuspendProcess
Image Path :
OriginalHandler : 0x832e1bd3
CurrentHandler : 0x8773b210
ServiceNumber : 0x16e
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSuspendThread
Image Path :
OriginalHandler : 0x83299085
CurrentHandler : 0x8773b920
ServiceNumber : 0x16f
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path :
OriginalHandler : 0x8325ebfb
CurrentHandler : 0x8773a710
ServiceNumber : 0x172
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateThread
Image Path :
OriginalHandler : 0x8327c584
CurrentHandler : 0x8773ba00
ServiceNumber : 0x173
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwUnmapViewOfSection
Image Path :
OriginalHandler : 0x8326887a
CurrentHandler : 0x8773bcb0
ServiceNumber : 0x181
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwWriteVirtualMemory
Image Path :
OriginalHandler : 0x83263958
CurrentHandler : 0x8773bf80
ServiceNumber : 0x18f
ModuleName :
SDTType : 0x0
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
No kernel code patching detected.

--== Dump Hidden Services ==--
No hidden services found.

cosinus 03.02.2013 23:30

Hello,

please post the GMER log as well

