|
Plagegeister aller Art und deren Bekämpfung: BOO/Sinowal.A in allen Bootsectoren!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
06.04.2009, 20:20 | #1 |
| BOO/Sinowal.A in allen Bootsectoren! Hallo. Ich habe ein Problem. Avira AntiVir zeigt BOO/Sinowal.A im HD3 Master Boot Sector, sowie in den Bootsectoren 'C:/' 'D:/' 'I:/' (ipod) und 'H:/' (externer harddrive) an. Ich bitte euch um Hilfe, den Trojaner loszuwerden! Kenne mich nicht so besondes gut mit Computerdingen aus. Also bitte alles ganz genau erklären. Vielen Dank! Ich habe Euch bei Google gefunden und gesehen, dass Ihr schon einigen leuten bei der Beseitigung geholfen habt. Ich hoffe Ihr könnt das gleiche auch bei mir tuen. Habe mir wie von Euch empfohlen den CCleaner , Malewarebytes und HijackThis runtergeladen und durchlaufen lassen. Hier die Codes Malewarebytes: [codeMalwarebytes' Anti-Malware 1.35 Datenbank Version: 1942 Windows 5.1.2600 Service Pack 3 06.04.2009 20:26:42 mbam-log-2009-04-06 (20-26-42).txt Scan-Methode: Vollständiger Scan (C:\|D:\|H:\|I:\|) Durchsuchte Objekte: 224791 Laufzeit: 48 minute(s), 12 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) [code/] und der von HijackThis: [codeLogfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:35:35, on 06.04.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\spoolsv.exe c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\RemoteControlService.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Intel\Wireless\Bin\OProtSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\Programme\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\ATK0100\HControl.exe C:\Programme\ASUS\Wireless Console\wcourier.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\ASUS\Power4 Gear\BatteryLife.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Intel\Wireless\Bin\EOUWiz.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Logitech\QuickCam10\QuickCam10.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\DNA\btdna.exe C:\Programme\ASUS\Asus ChkMail\ChkMail.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Programme\Safari\Safari.exe C:\Programme\Java\jre6\bin\jucheck.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://***.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe O4 - HKLM\..\Run: [Wireless Console] C:\Programme\ASUS\Wireless Console\wcourier.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe O4 - HKLM\..\Run: [Ulead Remote Control Center] C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [im_autorn] C:\WINDOWS\system32\im_2.exe O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe" O4 - HKLM\..\Policies\Explorer\Run: [SystemManager] C:\WINDOWS\system32\auths.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ASUS ChkMail.lnk = C:\Programme\ASUS\Asus ChkMail\ChkMail.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://***.asus.com O17 - HKLM\System\CCS\Services\Tcpip\..\{A69641D1-7770-4C33-B5A1-4AA79CB23A3A}: NameServer = 80.58.0.33,80.58.0.34 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe -- End of file - 11656 bytes [code/] AviraAntiVir springt immernoch auf Sinowal.A an. Danke schonmal im Vorraus. Grüsse Janosch12345 |
06.04.2009, 21:24 | #2 |
| BOO/Sinowal.A in allen Bootsectoren! Habe noch den Report von AntiVir
__________________[Code] Avira AntiVir Personal Report file date: Montag, 6. April 2009 20:46 Scanning for 1342193 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : *** Version information: BUILD.DAT : 9.0.0.387 17962 Bytes 24.03.2009 11:04:00 AVSCAN.EXE : 9.0.3.3 464641 Bytes 24.02.2009 10:13:28 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 08:58:26 LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 09:35:50 LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 08:58:54 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:30:38 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.02.2009 18:33:28 ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01.04.2009 18:08:46 ANTIVIR3.VDF : 7.1.3.21 99328 Bytes 06.04.2009 17:58:38 Engineversion : 8.2.0.138 AEVDF.DLL : 8.1.1.0 106868 Bytes 27.01.2009 15:36:42 AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04.04.2009 17:58:40 AESCN.DLL : 8.1.1.10 127348 Bytes 04.04.2009 17:58:38 AERDL.DLL : 8.1.1.3 438645 Bytes 29.10.2008 16:24:42 AEPACK.DLL : 8.1.3.12 397687 Bytes 04.04.2009 17:58:38 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26.02.2009 18:01:58 AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04.04.2009 17:58:36 AEHELP.DLL : 8.1.2.2 119158 Bytes 26.02.2009 18:01:58 AEGEN.DLL : 8.1.1.33 340340 Bytes 04.04.2009 17:58:28 AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 12:32:40 AECORE.DLL : 8.1.6.7 176502 Bytes 04.04.2009 17:58:26 AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 12:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 06:48:00 AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 08:32:16 AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 12:34:30 AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 08:32:10 AVARKT.DLL : 9.0.0.1 292609 Bytes 09.02.2009 05:52:26 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 08:37:10 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 13:03:50 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 06:21:34 NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 08:32:12 RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09.02.2009 09:45:46 RCTEXT.DLL : 9.0.35.0 87297 Bytes 11.03.2009 13:55:14 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, I:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Montag, 6. April 2009 20:46 Starting search for hidden objects. '52064' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'Winamp.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'jucheck.exe' - '1' Module(s) have been scanned Scan process 'Safari.exe' - '1' Module(s) have been scanned Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned Scan process 'COCIManager.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'ALG.EXE' - '1' Module(s) have been scanned Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned Scan process 'LVComSX.exe' - '1' Module(s) have been scanned Scan process 'WMIAPSRV.EXE' - '1' Module(s) have been scanned Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned Scan process 'TabUserW.exe' - '1' Module(s) have been scanned Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned Scan process 'ChkMail.exe' - '1' Module(s) have been scanned Scan process 'btdna.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'RMC.EXE' - '1' Module(s) have been scanned Scan process 'ATKOSD.EXE' - '1' Module(s) have been scanned Scan process 'Monitor.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'E_FATIAIE.EXE' - '1' Module(s) have been scanned Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned Scan process 'Alcmtr.exe' - '1' Module(s) have been scanned Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned Scan process 'SoundMan.exe' - '1' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned Scan process 'HControl.exe' - '1' Module(s) have been scanned Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned Scan process 'Tablet.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'OProtSvc.exe' - '1' Module(s) have been scanned Scan process 'JQS.EXE' - '1' Module(s) have been scanned Scan process 'RemoteControlService.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned Scan process 'SCHED.EXE' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process '1XConfig.exe' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 70 processes with 70 modules were scanned Starting master boot sector scan: Master boot sector HD0 [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus [WARNING] The boot sector cannot be repaired! You can find more information in the help Master boot sector HD3 [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus [WARNING] The boot sector cannot be repaired! You can find more information in the help Start scanning boot sectors: Boot sector 'C:\' [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus [NOTE] The boot sector was not written! Boot sector 'D:\' [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus [NOTE] The boot sector was not written! Boot sector 'I:\' [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus [NOTE] The boot sector was not written! Starting to scan executable files (registry). The registry was scanned ( '77' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\hiberfil.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\WINDOWS\system32\drivers\sptd3405.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' Begin scan in 'I:\' <JANSEXTERNE> I:\Killerspiele\Crysis\Key generator\rzr-crys.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ZNC back-door program Beginning disinfection: I:\Killerspiele\Crysis\Key generator\rzr-crys.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ZNC back-door program [NOTE] The file was moved to '4a4c60ee.qua'! End of the scan: Montag, 6. April 2009 22:05 Used time: 1:18:03 Hour(s) The scan has been done completely. 10611 Scanned directories 561052 Files were scanned 6 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 4 Files cannot be scanned 561047 Files not concerned 7259 Archives were scanned 6 Warnings 6 Notes 52064 Objects were scanned with rootkit scan 0 Hidden objects were found Wäre für Tips wie ich meinen PC wieder sauber bekommen echt dankbar! Gruss |
06.04.2009, 21:26 | #3 | |
/// AVZ-Toolkit Guru | BOO/Sinowal.A in allen Bootsectoren! Halli hallo.
__________________Master Boot Record überprüfen: Lade dir die mbr.exe von GMER auf den Desktop und führe die Datei mit Administrator-Rechten aus. Poste das log! Sollte ein MBR Rootkit gefunden worde sein, das wird im log durch den Ausdruck Zitat:
Downloade dir dafür die mbr.bat.txt von BataAlexander und speichere sie neben der mbr.exe auf dem Desktop. Ändere die Endung der mbr.txt.bat in mbr.bat Eine vernünftige Ordneransicht ist dafür nötig. Dann führe die mbr.bat. durch einen Doppelklick aus. Dabei muss sich die mbr.exe von GMER ebenfalls auf dem Desktop befinden! Der MBR wird bereinigt und es erscheint ein log. Poste auch diese log!
__________________ |
07.04.2009, 06:32 | #4 | |
| BOO/Sinowal.A in allen Bootsectoren! Moin Zitat:
lass bitte diese Dateien C:\WINDOWS\system32\im_2.exe C:\WINDOWS\system32\auths.exe hier Virustotal, hier virscan.org oder hier Jotti überprüfen (kann einige Minuten dauern), poste die gesamten Ergebnisse mit der Angabe der Größe der hochgeladenen Datei sowie die MD5 und SHA1 Angaben oder verlinke auf die Auswertung, bitte auch wenn nichts gefunden wurde. Moin Undo MFG
__________________ Kein Support per PN - Bitte im Forum posten. Wenn du das Forum unterstützen möchtest Genitiv ins Wasser, weil es dativ ist http://www.vivaconagua.org/ |
07.04.2009, 06:34 | #5 |
/// AVZ-Toolkit Guru | BOO/Sinowal.A in allen Bootsectoren! Morgen Nochdigger.
__________________ - Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben - |
07.04.2009, 19:33 | #6 |
| BOO/Sinowal.A in allen Bootsectoren! Hallo an euch Beide! Vielen dank für eure Hilfe! @Udoreal Hier der MBR Code: [code] Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK MBR rootkit code detected ! malicious code @ sector 0xba50e41 size 0x1c2 ! copy of MBR has been found in sector 62 ! MBR rootkit infection detected ! Use: "mbr.exe -f" to fix. [code/] nach dem ich mbr.bat gestartet habe kam dieser log: [code] Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully [code/] ich hoffe, dass ist so richtig?! @nochdigger habe beide dateien über die suchfunktionen und "manuell" gesucht und konnte keine der beiden Dateien finden? Kann das sein? Tut mir echt leid, falls ich mich hier unbeholfen anstelle... Ich hoffe Ihr könnt mir weiterhin helfen... Für eure bisherige Mühe schonmal Danke! MFG |
08.04.2009, 06:53 | #7 | |
/// AVZ-Toolkit Guru | BOO/Sinowal.A in allen Bootsectoren!Zitat:
Folge nuin bitte dieser Anleitung: http://www.trojaner-board.de/59299-a...eb-cureit.html
__________________ - Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben - |
09.04.2009, 15:41 | #8 |
| BOO/Sinowal.A in allen Bootsectoren! Hallo Undoreal. Das scannen hat ne Zeit lang gedauert. Hier die Auswertung: Code:
ATTFilter Master Boot Record HDD2;;BackDoor.MaosBoot;Desinfiziert.; Das war alles was dabei rauskam?! Hat 12 stunden gedauert. Ich hoffe Du kannst damit etwas anfangen Danke. MFG |
09.04.2009, 16:53 | #9 |
/// AVZ-Toolkit Guru | BOO/Sinowal.A in allen Bootsectoren! Poste bitte das korrekte log so wie es in der Anleitung beschrieben steht.
__________________ - Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben - |
09.04.2009, 18:17 | #10 |
| BOO/Sinowal.A in allen Bootsectoren! Das habe ich (eigentlich) so gemacht. Lasse das Porgramm dann nochmal laufen... Habe aber eben nochmal avira scannen lassen und es kam folgendes dabei raus Code:
ATTFilter Avira AntiVir Personal Report file date: Donnerstag, 9. April 2009 17:42 Scanning for 1343465 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : *** Version information: BUILD.DAT : 9.0.0.387 17962 Bytes 24.03.2009 11:04:00 AVSCAN.EXE : 9.0.3.3 464641 Bytes 24.02.2009 10:13:28 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 08:58:26 LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 09:35:50 LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 08:58:54 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:30:38 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.02.2009 18:33:28 ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01.04.2009 18:08:46 ANTIVIR3.VDF : 7.1.3.27 117760 Bytes 07.04.2009 17:58:28 Engineversion : 8.2.0.138 AEVDF.DLL : 8.1.1.0 106868 Bytes 27.01.2009 15:36:42 AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04.04.2009 17:58:40 AESCN.DLL : 8.1.1.10 127348 Bytes 04.04.2009 17:58:38 AERDL.DLL : 8.1.1.3 438645 Bytes 29.10.2008 16:24:42 AEPACK.DLL : 8.1.3.12 397687 Bytes 04.04.2009 17:58:38 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26.02.2009 18:01:58 AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04.04.2009 17:58:36 AEHELP.DLL : 8.1.2.2 119158 Bytes 26.02.2009 18:01:58 AEGEN.DLL : 8.1.1.33 340340 Bytes 04.04.2009 17:58:28 AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 12:32:40 AECORE.DLL : 8.1.6.7 176502 Bytes 04.04.2009 17:58:26 AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 12:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 06:48:00 AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 08:32:16 AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 12:34:30 AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 08:32:10 AVARKT.DLL : 9.0.0.1 292609 Bytes 09.02.2009 05:52:26 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 08:37:10 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 13:03:50 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 06:21:34 NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 08:32:12 RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09.02.2009 09:45:46 RCTEXT.DLL : 9.0.35.0 87297 Bytes 11.03.2009 13:55:14 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, I:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Donnerstag, 9. April 2009 17:42 Starting search for hidden objects. [INFO] The process is not visible. '52357' objects were checked, '1' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned Scan process 'COCIManager.exe' - '1' Module(s) have been scanned Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned Scan process 'LVComSX.exe' - '1' Module(s) have been scanned Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned Scan process 'TabUserW.exe' - '1' Module(s) have been scanned Scan process 'ChkMail.exe' - '1' Module(s) have been scanned Scan process 'btdna.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned Scan process 'ATKOSD.EXE' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'RMC.EXE' - '1' Module(s) have been scanned Scan process 'Monitor.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'E_FATIAIE.EXE' - '1' Module(s) have been scanned Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned Scan process 'Alcmtr.exe' - '1' Module(s) have been scanned Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SoundMan.exe' - '1' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned Scan process 'HControl.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned Scan process 'Tablet.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'OProtSvc.exe' - '1' Module(s) have been scanned Scan process 'JQS.EXE' - '1' Module(s) have been scanned Scan process '1XConfig.exe' - '1' Module(s) have been scanned Scan process 'RemoteControlService.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned Scan process 'SCHED.EXE' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 67 processes with 67 modules were scanned Starting master boot sector scan: Start scanning boot sectors: Starting to scan executable files (registry). The registry was scanned ( '76' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\hiberfil.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\WINDOWS\system32\drivers\sptd3405.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' Begin scan in 'I:\' <JANSEXTERNE> I:\System Volume Information\_restore{8B742B4F-C375-4795-9546-6ECC64911055}\RP650\A0129146.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ZNC back-door program Beginning disinfection: I:\System Volume Information\_restore{8B742B4F-C375-4795-9546-6ECC64911055}\RP650\A0129146.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ZNC back-door program [NOTE] The file was moved to '4a0f2c2c.qua'! End of the scan: Donnerstag, 9. April 2009 19:10 Used time: 1:05:21 Hour(s) The scan has been done completely. 10757 Scanned directories 561861 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 4 Files cannot be scanned 561856 Files not concerned 7273 Archives were scanned 4 Warnings 3 Notes 52357 Objects were scanned with rootkit scan 1 Hidden objects were found Danke für die Geduld. MFG |
10.04.2009, 09:34 | #11 | |
/// AVZ-Toolkit Guru | BOO/Sinowal.A in allen Bootsectoren!Zitat:
In der log.txt Datei steht doch sicher mehr drinn als das was du gepostet hast oder? Deaktiviere die Systemwiederherstellung auf allen Laufwerken. Nachdem die Bereinigung KOMPLETT beendet ist kann sie wieder aktiviert werden. GMER - Rootkit Detection
__________________ - Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben - |
14.04.2009, 20:24 | #12 |
| BOO/Sinowal.A in allen Bootsectoren! Hallo Undoreal, sorry dass ich erst jetzt zurück schreibe. Hatte probleme mit dem router. habe erst seit heute wieder internet. Soll ich Dr. Web nochmal mit deaktivierter systemwiederherstellung laufen lassen? Nachdem ich ihn das zweite mal habe laufen lassen hat es 19 stunden gedauert und ich konnte keinen log speichern.. allerdings habe ich eine cureit.txt datei gefunden aber die ist 141mb gross.. kann das diese datei sein? hier der log von gmer.. ist etwas lang deshalb in teilen: Code:
ATTFilter GMER 1.0.15.14966 - http://www.gmer.net Rootkit scan 2009-04-14 21:07:23 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT F7002966 ZwCreateKey SSDT F700295C ZwCreateThread SSDT F700296B ZwDeleteKey SSDT F7002975 ZwDeleteValueKey SSDT sptd.sys ZwEnumerateKey [0xF72D0C7E] SSDT sptd.sys ZwEnumerateValueKey [0xF72D0FF6] SSDT F700297A ZwLoadKey SSDT sptd.sys ZwOpenKey [0xF72D0A18] SSDT F7002948 ZwOpenProcess SSDT F700294D ZwOpenThread SSDT sptd.sys ZwQueryKey [0xF72D10C0] SSDT sptd.sys ZwQueryValueKey [0xF72D0F58] SSDT F7002984 ZwReplaceKey SSDT F700297F ZwRestoreKey SSDT F7002970 ZwSetValueKey SSDT F7002957 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- ? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. ? C:\WINDOWS\System32\Drivers\SPTD3405.SYS Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72CCA32] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72CCB6E] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72CCAF6] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72CD6CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72CD5A2] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72EEC82] sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\Explorer.EXE[688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [019B2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [019B2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [019B2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [019B2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BB2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BB2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BB2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BB2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Power4 Gear\BatteryLife.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Power4 Gear\BatteryLife.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Power4 Gear\BatteryLife.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Power4 Gear\BatteryLife.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Java\jre6\bin\jusched.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Java\jre6\bin\jusched.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Java\jre6\bin\jusched.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Java\jre6\bin\jusched.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AD2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AD2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AD2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AD2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ATK0100\ATKOSD.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00362EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ATK0100\ATKOSD.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00362C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ATK0100\ATKOSD.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00362C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ATK0100\ATKOSD.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00362C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ctfmon.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00512EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ctfmon.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00512C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ctfmon.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00512C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ctfmon.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00512C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C82EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C82C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C82C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C82C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\iTunes\iTunesHelper.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\iTunes\iTunesHelper.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\iTunes\iTunesHelper.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\iTunes\iTunesHelper.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\QuickCam10\QuickCam10.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\QuickCam10\QuickCam10.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\QuickCam10\QuickCam10.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\QuickCam10\QuickCam10.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Intel\Wireless\Bin\EOUWiz.exe[2888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CF2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Intel\Wireless\Bin\EOUWiz.exe[2888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CF2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Intel\Wireless\Bin\EOUWiz.exe[2888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CF2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Intel\Wireless\Bin\EOUWiz.exe[2888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CF2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E52EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E52C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E52C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E52C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ATK0100\HControl.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00EB2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ATK0100\HControl.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00EB2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ATK0100\HControl.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] |
14.04.2009, 20:29 | #13 |
| BOO/Sinowal.A in allen Bootsectoren! der zweite teil : Code:
ATTFilter IAT C:\WINDOWS\ATK0100\HControl.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00EB2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A52EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A52C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A52C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A52C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Asus ChkMail\ChkMail.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Asus ChkMail\ChkMail.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Asus ChkMail\ChkMail.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00392C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Asus ChkMail\ChkMail.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Wireless Console\wcourier.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Wireless Console\wcourier.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Wireless Console\wcourier.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\ASUS\Wireless Console\wcourier.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\SOUNDMAN.EXE[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\SOUNDMAN.EXE[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\SOUNDMAN.EXE[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\SOUNDMAN.EXE[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ALCWZRD.EXE[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CC2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ALCWZRD.EXE[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CC2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ALCWZRD.EXE[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CC2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ALCWZRD.EXE[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CC2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\WTablet\TabUserW.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\WTablet\TabUserW.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\WTablet\TabUserW.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\WTablet\TabUserW.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D12EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D12C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D12C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D12C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ALCMTR.EXE[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ALCMTR.EXE[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ALCMTR.EXE[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\ALCMTR.EXE[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BA2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BA2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BA2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BA2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[4004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[4004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[4004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[4004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\DNA\btdna.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\DNA\btdna.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\DNA\btdna.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\DNA\btdna.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Dokumente und Einstellungen\***\Desktop\gmer.exe[4212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Dokumente und Einstellungen\***\Desktop\gmer.exe[4212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Dokumente und Einstellungen\***\Desktop\gmer.exe[4212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Dokumente und Einstellungen\***\Desktop\gmer.exe[4212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe[5312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008A2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe[5312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008A2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe[5312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008A2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe[5312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008A2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Safari\Safari.exe[5652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F82EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Safari\Safari.exe[5652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F82C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Safari\Safari.exe[5652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F82C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Safari\Safari.exe[5652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] |
14.04.2009, 20:30 | #14 |
| BOO/Sinowal.A in allen Bootsectoren! teil drei: Code:
ATTFilter ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Fastfat \FatCdrom 8758A0E8 AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\dmio \Device\DmControl\DmIoDaemon 875D59C0 Device \Driver\dmio \Device\DmControl\DmConfig 875D59C0 Device \Driver\dmio \Device\DmControl\DmPnP 875D59C0 Device \Driver\dmio \Device\DmControl\DmInfo 875D59C0 Device \Driver\Ftdisk \Device\HarddiskVolume1 875D5C78 Device \Driver\Ftdisk \Device\HarddiskVolume2 875D5C78 Device \Driver\Cdrom \Device\CdRom0 87085638 Device \FileSystem\Rdbss \Device\FsWrap 8714E0E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 875D5C78 Device \Driver\NetBT \Device\NetBT_Tcpip_{A69641D1-7770-4C33-B5A1-4AA79CB23A3A} 873170E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 875D5C78 Device \Driver\USBSTOR \Device\000000b3 87278A90 Device \Driver\USBSTOR \Device\000000b4 87278A90 Device \Driver\USBSTOR \Device\000000b5 87278A90 Device \Driver\NetBT \Device\NetBt_Wins_Export 873170E8 Device \Driver\USBSTOR \Device\000000b6 87278A90 Device \Driver\NetBT \Device\NetbiosSmb 873170E8 Device \Driver\Disk \Device\Harddisk0\DR0 875D5450 Device \Driver\Disk \Device\Harddisk1\DR4 875D5450 Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+5 875D5450 Device \Driver\Disk \Device\Harddisk2\DR6 875D5450 Device \Driver\Disk \Device\Harddisk3\DR8 875D5450 Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+9 875D5450 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8713D0E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8713D0E8 Device \FileSystem\Npfs \Device\NamedPipe 872840E8 Device \Driver\Ftdisk \Device\FtControl 875D5C78 Device \FileSystem\Msfs \Device\Mailslot 87388688 Device \FileSystem\Fastfat \Fat 8758A0E8 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 87083608 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xBE 0xBE 0xC2 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8A 0x00 0xF2 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xBE 0xBE 0xC2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8A 0x00 0xF2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8E 0xBB 0x90 0x4A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xBE 0xBE 0xC2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8A 0x00 0xF2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xBE 0xBE 0xC2 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8A 0x00 0xF2 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -784208758 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1522684597 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -96415337 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xBE 0xBE 0xC2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8A 0x00 0xF2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8E 0xBB 0x90 0x4A ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xBE 0xBE 0xC2 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0x8A 0x00 0xF2 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8E 0xBB 0x90 0x4A ... ---- EOF - GMER 1.0.15 ---- |
14.04.2009, 21:39 | #15 |
/// AVZ-Toolkit Guru | BOO/Sinowal.A in allen Bootsectoren! Die logs sind sauber. die cureit.txt lade bitte bei rapidshare hoch und poste den downloadlink. Und überprüfe den Rechner bitte abermals nach folgender Anleitung: http://www.trojaner-board.de/54192-a...tellungen.html Gibt es Auffäligkeiten am Rechner?
__________________ - Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben - |
Themen zu BOO/Sinowal.A in allen Bootsectoren! |
adobe, antivir, antivir guard, asus, beseitigung, bho, bonjour, boo/sinowal.a, control center, desktop, disabled.securitycenter, excel, explorer, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, pdf, plug-in, programme, registrierungsschlüssel, remote control, security, software, system, trojaner, usb, windows xp |