Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BOO/Sinowal.A in allen Bootsectoren!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.04.2009, 20:20   #1
Janosch12345
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Hallo.

Ich habe ein Problem.

Avira AntiVir zeigt BOO/Sinowal.A im HD3 Master Boot Sector, sowie in den Bootsectoren 'C:/' 'D:/' 'I:/' (ipod) und 'H:/' (externer harddrive) an.

Ich bitte euch um Hilfe, den Trojaner loszuwerden! Kenne mich nicht so besondes gut mit Computerdingen aus. Also bitte alles ganz genau erklären. Vielen Dank!

Ich habe Euch bei Google gefunden und gesehen, dass Ihr schon einigen leuten bei der Beseitigung geholfen habt. Ich hoffe Ihr könnt das gleiche auch bei mir tuen.

Habe mir wie von Euch empfohlen den CCleaner , Malewarebytes und HijackThis runtergeladen und durchlaufen lassen.

Hier die Codes

Malewarebytes:

[codeMalwarebytes' Anti-Malware 1.35
Datenbank Version: 1942
Windows 5.1.2600 Service Pack 3

06.04.2009 20:26:42
mbam-log-2009-04-06 (20-26-42).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|H:\|I:\|)
Durchsuchte Objekte: 224791
Laufzeit: 48 minute(s), 12 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
[code/]

und der von HijackThis:

[codeLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:35, on 06.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RemoteControlService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\ASUS\Wireless Console\wcourier.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam10\QuickCam10.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DNA\btdna.exe
C:\Programme\ASUS\Asus ChkMail\ChkMail.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programme\Safari\Safari.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://***.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Programme\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe
O4 - HKLM\..\Run: [Ulead Remote Control Center] C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [im_autorn] C:\WINDOWS\system32\im_2.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [SystemManager] C:\WINDOWS\system32\auths.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programme\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://***.asus.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A69641D1-7770-4C33-B5A1-4AA79CB23A3A}: NameServer = 80.58.0.33,80.58.0.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe

--
End of file - 11656 bytes
[code/]

AviraAntiVir springt immernoch auf Sinowal.A an.

Danke schonmal im Vorraus.

Grüsse

Janosch12345

Alt 06.04.2009, 21:24   #2
Janosch12345
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Habe noch den Report von AntiVir

[Code]


Avira AntiVir Personal
Report file date: Montag, 6. April 2009 20:46

Scanning for 1342193 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ***

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24.03.2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24.02.2009 10:13:28
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 08:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 09:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 08:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:30:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.02.2009 18:33:28
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01.04.2009 18:08:46
ANTIVIR3.VDF : 7.1.3.21 99328 Bytes 06.04.2009 17:58:38
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 27.01.2009 15:36:42
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04.04.2009 17:58:40
AESCN.DLL : 8.1.1.10 127348 Bytes 04.04.2009 17:58:38
AERDL.DLL : 8.1.1.3 438645 Bytes 29.10.2008 16:24:42
AEPACK.DLL : 8.1.3.12 397687 Bytes 04.04.2009 17:58:38
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26.02.2009 18:01:58
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04.04.2009 17:58:36
AEHELP.DLL : 8.1.2.2 119158 Bytes 26.02.2009 18:01:58
AEGEN.DLL : 8.1.1.33 340340 Bytes 04.04.2009 17:58:28
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 12:32:40
AECORE.DLL : 8.1.6.7 176502 Bytes 04.04.2009 17:58:26
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 06:48:00
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 08:32:16
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 12:34:30
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 08:32:10
AVARKT.DLL : 9.0.0.1 292609 Bytes 09.02.2009 05:52:26
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 08:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 13:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 06:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 08:32:12
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09.02.2009 09:45:46
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11.03.2009 13:55:14

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, I:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Montag, 6. April 2009 20:46

Starting search for hidden objects.
'52064' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'Winamp.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'Safari.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
Scan process 'LVComSX.exe' - '1' Module(s) have been scanned
Scan process 'WMIAPSRV.EXE' - '1' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
Scan process 'ChkMail.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'RMC.EXE' - '1' Module(s) have been scanned
Scan process 'ATKOSD.EXE' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIAIE.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned
Scan process 'Alcmtr.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'OProtSvc.exe' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'RemoteControlService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process '1XConfig.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
70 processes with 70 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
Master boot sector HD3
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help

Start scanning boot sectors:
Boot sector 'C:\'
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[NOTE] The boot sector was not written!
Boot sector 'D:\'
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[NOTE] The boot sector was not written!
Boot sector 'I:\'
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[NOTE] The boot sector was not written!

Starting to scan executable files (registry).

The registry was scanned ( '77' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\WINDOWS\system32\drivers\sptd3405.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'I:\' <JANSEXTERNE>
I:\Killerspiele\Crysis\Key generator\rzr-crys.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ZNC back-door program

Beginning disinfection:
I:\Killerspiele\Crysis\Key generator\rzr-crys.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ZNC back-door program
[NOTE] The file was moved to '4a4c60ee.qua'!


End of the scan: Montag, 6. April 2009 22:05
Used time: 1:18:03 Hour(s)

The scan has been done completely.

10611 Scanned directories
561052 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
4 Files cannot be scanned
561047 Files not concerned
7259 Archives were scanned
6 Warnings
6 Notes
52064 Objects were scanned with rootkit scan
0 Hidden objects were found

Wäre für Tips wie ich meinen PC wieder sauber bekommen echt dankbar!

Gruss
__________________


Alt 06.04.2009, 21:26   #3
undoreal
/// AVZ-Toolkit Guru
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Halli hallo.

Master Boot Record überprüfen:

Lade dir die mbr.exe von GMER auf den Desktop und führe die Datei mit Administrator-Rechten aus.

Poste das log!

Sollte ein MBR Rootkit gefunden worde sein, das wird im log durch den Ausdruck
Zitat:
MBR rootkit code detected !
indiziert und du musst du eine Bereinigung vornehmen.

Downloade dir dafür die mbr.bat.txt von BataAlexander und speichere sie neben der mbr.exe auf dem Desktop.
Ändere die Endung der mbr.txt.bat in mbr.bat Eine vernünftige Ordneransicht ist dafür nötig.
Dann führe die mbr.bat. durch einen Doppelklick aus.
Dabei muss sich die mbr.exe von GMER ebenfalls auf dem Desktop befinden!

Der MBR wird bereinigt und es erscheint ein log. Poste auch diese log!
__________________
__________________

Alt 07.04.2009, 06:32   #4
nochdigger
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Moin

Zitat:
I:\Killerspiele\Crysis\Key generator\rzr-crys.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ZNC back-door program


lass bitte diese Dateien
C:\WINDOWS\system32\im_2.exe
C:\WINDOWS\system32\auths.exe
hier Virustotal, hier virscan.org
oder hier Jotti überprüfen (kann einige Minuten dauern),
poste die gesamten Ergebnisse mit der Angabe der Größe der hochgeladenen Datei sowie die MD5 und SHA1 Angaben oder verlinke auf die Auswertung,
bitte auch wenn nichts gefunden wurde.

Moin Undo

MFG
__________________
Kein Support per PN - Bitte im Forum posten.

Alt 07.04.2009, 06:34   #5
undoreal
/// AVZ-Toolkit Guru
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Morgen Nochdigger.

__________________
- Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben -

Alt 07.04.2009, 19:33   #6
Janosch12345
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Hallo an euch Beide!
Vielen dank für eure Hilfe!

@Udoreal
Hier der MBR Code:

[code]
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
MBR rootkit code detected !
malicious code @ sector 0xba50e41 size 0x1c2 !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
[code/]

nach dem ich mbr.bat gestartet habe kam dieser log:

[code]
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
[code/]

ich hoffe, dass ist so richtig?!

@nochdigger

habe beide dateien über die suchfunktionen und "manuell" gesucht und konnte keine der beiden Dateien finden? Kann das sein?

Tut mir echt leid, falls ich mich hier unbeholfen anstelle...

Ich hoffe Ihr könnt mir weiterhin helfen...
Für eure bisherige Mühe schonmal Danke!

MFG

Alt 08.04.2009, 06:53   #7
undoreal
/// AVZ-Toolkit Guru
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Zitat:
nach dem ich mbr.bat gestartet habe kam dieser log:

[code]
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
[code/]
O.k. das letzte Code Tag sollte übrigens so aussehen: [/c0de] Alternativ kannst du auch die Raute # über dem Nachrichtenfenster drücken.


Folge nuin bitte dieser Anleitung:
http://www.trojaner-board.de/59299-a...eb-cureit.html
__________________
- Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben -

Alt 09.04.2009, 15:41   #8
Janosch12345
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Hallo Undoreal.

Das scannen hat ne Zeit lang gedauert.

Hier die Auswertung:
Code:
ATTFilter
Master Boot Record HDD2;;BackDoor.MaosBoot;Desinfiziert.;
         

Das war alles was dabei rauskam?! Hat 12 stunden gedauert. Ich hoffe Du kannst damit etwas anfangen

Danke.

MFG

Alt 09.04.2009, 16:53   #9
undoreal
/// AVZ-Toolkit Guru
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Poste bitte das korrekte log so wie es in der Anleitung beschrieben steht.
__________________
- Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben -

Alt 09.04.2009, 18:17   #10
Janosch12345
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Das habe ich (eigentlich) so gemacht.
Lasse das Porgramm dann nochmal laufen...

Habe aber eben nochmal avira scannen lassen und es kam folgendes dabei raus

Code:
ATTFilter
Avira AntiVir Personal
Report file date: Donnerstag, 9. April 2009  17:42

Scanning for 1343465 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : ***

Version information:
BUILD.DAT       : 9.0.0.387     17962 Bytes  24.03.2009 11:04:00
AVSCAN.EXE      : 9.0.3.3      464641 Bytes  24.02.2009 10:13:28
AVSCAN.DLL      : 9.0.3.0       40705 Bytes  27.02.2009 08:58:26
LUKE.DLL        : 9.0.3.2      209665 Bytes  20.02.2009 09:35:50
LUKERES.DLL     : 9.0.2.0       12033 Bytes  27.02.2009 08:58:54
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  27.10.2008 10:30:38
ANTIVIR1.VDF    : 7.1.2.12    3336192 Bytes  11.02.2009 18:33:28
ANTIVIR2.VDF    : 7.1.3.0     1330176 Bytes  01.04.2009 18:08:46
ANTIVIR3.VDF    : 7.1.3.27     117760 Bytes  07.04.2009 17:58:28
Engineversion   : 8.2.0.138
AEVDF.DLL       : 8.1.1.0      106868 Bytes  27.01.2009 15:36:42
AESCRIPT.DLL    : 8.1.1.73     373114 Bytes  04.04.2009 17:58:40
AESCN.DLL       : 8.1.1.10     127348 Bytes  04.04.2009 17:58:38
AERDL.DLL       : 8.1.1.3      438645 Bytes  29.10.2008 16:24:42
AEPACK.DLL      : 8.1.3.12     397687 Bytes  04.04.2009 17:58:38
AEOFFICE.DLL    : 8.1.0.36     196987 Bytes  26.02.2009 18:01:58
AEHEUR.DLL      : 8.1.0.114   1700214 Bytes  04.04.2009 17:58:36
AEHELP.DLL      : 8.1.2.2      119158 Bytes  26.02.2009 18:01:58
AEGEN.DLL       : 8.1.1.33     340340 Bytes  04.04.2009 17:58:28
AEEMU.DLL       : 8.1.0.9      393588 Bytes  09.10.2008 12:32:40
AECORE.DLL      : 8.1.6.7      176502 Bytes  04.04.2009 17:58:26
AEBB.DLL        : 8.1.0.3       53618 Bytes  09.10.2008 12:32:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12.12.2008 06:48:00
AVPREF.DLL      : 9.0.0.1       43777 Bytes  05.12.2008 08:32:16
AVREP.DLL       : 8.0.0.3      155905 Bytes  20.01.2009 12:34:30
AVREG.DLL       : 9.0.0.0       36609 Bytes  05.12.2008 08:32:10
AVARKT.DLL      : 9.0.0.1      292609 Bytes  09.02.2009 05:52:26
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes  30.01.2009 08:37:10
SQLITE3.DLL     : 3.6.1.0      326401 Bytes  28.01.2009 13:03:50
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes  02.02.2009 06:21:34
NETNT.DLL       : 9.0.0.0       11521 Bytes  05.12.2008 08:32:12
RCIMAGE.DLL     : 9.0.0.21    2438401 Bytes  09.02.2009 09:45:46
RCTEXT.DLL      : 9.0.35.0      87297 Bytes  11.03.2009 13:55:14

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, I:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Donnerstag, 9. April 2009  17:42

Starting search for hidden objects.

    [INFO]      The process is not visible.
'52357' objects were checked, '1' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
Scan process 'LVComSX.exe' - '1' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'ChkMail.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.EXE' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'RMC.EXE' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIAIE.EXE' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned
Scan process 'Alcmtr.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'OProtSvc.exe' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process '1XConfig.exe' - '1' Module(s) have been scanned
Scan process 'RemoteControlService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
67 processes with 67 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '76' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\WINDOWS\system32\drivers\sptd3405.sys
    [WARNING]   The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING]   The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'I:\' <JANSEXTERNE>
I:\System Volume Information\_restore{8B742B4F-C375-4795-9546-6ECC64911055}\RP650\A0129146.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ZNC back-door program

Beginning disinfection:
I:\System Volume Information\_restore{8B742B4F-C375-4795-9546-6ECC64911055}\RP650\A0129146.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ZNC back-door program
    [NOTE]      The file was moved to '4a0f2c2c.qua'!


End of the scan: Donnerstag, 9. April 2009  19:10
Used time:  1:05:21 Hour(s)

The scan has been done completely.

  10757 Scanned directories
 561861 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      4 Files cannot be scanned
 561856 Files not concerned
   7273 Archives were scanned
      4 Warnings
      3 Notes
  52357 Objects were scanned with rootkit scan
      1 Hidden objects were found
         
aber ich lasse Dr. Web nochmals laufen und probiere das mit den Speichern nochmal.

Danke für die Geduld.

MFG

Alt 10.04.2009, 09:34   #11
undoreal
/// AVZ-Toolkit Guru
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Zitat:
aber ich lasse Dr. Web nochmals laufen und probiere das mit den Speichern nochmal.
Wenn du das log gespeichert hast dann ist es doch vorhanden.

In der log.txt Datei steht doch sicher mehr drinn als das was du gepostet hast oder?

Deaktiviere die Systemwiederherstellung auf allen Laufwerken. Nachdem die Bereinigung KOMPLETT beendet ist kann sie wieder aktiviert werden.


GMER - Rootkit Detection
  • Lade GMER von hier
  • entpacke es auf den Dektop
  • Doppelklicke die gmer.exe
  • Der Reiter Rootkit oben ist schon angewählt
  • Drücke Scan, Der Vorgang kann je nach System 3 - 10min dauern
  • nach Beendigung des Scan, drücke "Copy"
  • nun kannst Du das Ergebnis hier posten
  • Sollte GMER sagen "Gmer hasen´t found any System Modifikation", so hat GMER keine Einträge gefunden.
__________________
- Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben -

Alt 14.04.2009, 20:24   #12
Janosch12345
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Hallo Undoreal,

sorry dass ich erst jetzt zurück schreibe. Hatte probleme mit dem router. habe erst seit heute wieder internet.

Soll ich Dr. Web nochmal mit deaktivierter systemwiederherstellung laufen lassen? Nachdem ich ihn das zweite mal habe laufen lassen hat es 19 stunden gedauert und ich konnte keinen log speichern.. allerdings habe ich eine cureit.txt datei gefunden aber die ist 141mb gross.. kann das diese datei sein?

hier der log von gmer.. ist etwas lang deshalb in teilen:

Code:
ATTFilter
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-14 21:07:23
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT            F7002966                                                                                                                                               ZwCreateKey
SSDT            F700295C                                                                                                                                               ZwCreateThread
SSDT            F700296B                                                                                                                                               ZwDeleteKey
SSDT            F7002975                                                                                                                                               ZwDeleteValueKey
SSDT            sptd.sys                                                                                                                                               ZwEnumerateKey [0xF72D0C7E]
SSDT            sptd.sys                                                                                                                                               ZwEnumerateValueKey [0xF72D0FF6]
SSDT            F700297A                                                                                                                                               ZwLoadKey
SSDT            sptd.sys                                                                                                                                               ZwOpenKey [0xF72D0A18]
SSDT            F7002948                                                                                                                                               ZwOpenProcess
SSDT            F700294D                                                                                                                                               ZwOpenThread
SSDT            sptd.sys                                                                                                                                               ZwQueryKey [0xF72D10C0]
SSDT            sptd.sys                                                                                                                                               ZwQueryValueKey [0xF72D0F58]
SSDT            F7002984                                                                                                                                               ZwReplaceKey
SSDT            F700297F                                                                                                                                               ZwRestoreKey
SSDT            F7002970                                                                                                                                               ZwSetValueKey
SSDT            F7002957                                                                                                                                               ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?               C:\WINDOWS\system32\drivers\sptd.sys                                                                                                                   Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
?               C:\WINDOWS\System32\Drivers\SPTD3405.SYS                                                                                                               Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                     [F72CCA32] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                             [F72CCB6E] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                                    [F72CCAF6] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                            [F72CD6CC] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                    [F72CD5A2] sptd.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                     [F72EEC82] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\Explorer.EXE[688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                               [019B2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\Explorer.EXE[688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                      [019B2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\Explorer.EXE[688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                    [019B2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\Explorer.EXE[688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                          [019B2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                              [00BB2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                     [00BB2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                   [00BB2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                         [00BB2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Power4 Gear\BatteryLife.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                         [003D2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Power4 Gear\BatteryLife.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                [003D2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Power4 Gear\BatteryLife.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                              [003D2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Power4 Gear\BatteryLife.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                    [003D2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Java\jre6\bin\jusched.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                               [003E2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Java\jre6\bin\jusched.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                      [003E2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Java\jre6\bin\jusched.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                    [003E2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Java\jre6\bin\jusched.exe[1044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                          [003E2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                         [00AD2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                [00AD2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                              [00AD2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[1096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                    [00AD2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ATK0100\ATKOSD.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                        [00362EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ATK0100\ATKOSD.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                               [00362C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ATK0100\ATKOSD.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                             [00362C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ATK0100\ATKOSD.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                   [00362C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\ctfmon.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                       [00512EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\ctfmon.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                              [00512C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\ctfmon.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                            [00512C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\ctfmon.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                  [00512C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                            [00C82EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                   [00C82C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                 [00C82C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                       [00C82C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                         [003C2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                [003C2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                              [003C2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                    [003C2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\iTunes\iTunesHelper.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                 [009F2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\iTunes\iTunesHelper.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                        [009F2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\iTunes\iTunesHelper.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                      [009F2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\iTunes\iTunesHelper.exe[2240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                            [009F2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]           [00AA2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [00AA2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                [00AA2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]      [00AA2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Logitech\QuickCam10\QuickCam10.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                      [00B02EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Logitech\QuickCam10\QuickCam10.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                             [00B02C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Logitech\QuickCam10\QuickCam10.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                           [00B02C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Logitech\QuickCam10\QuickCam10.exe[2636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                 [00B02C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Intel\Wireless\Bin\EOUWiz.exe[2888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                           [00CF2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Intel\Wireless\Bin\EOUWiz.exe[2888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                  [00CF2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Intel\Wireless\Bin\EOUWiz.exe[2888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                [00CF2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Intel\Wireless\Bin\EOUWiz.exe[2888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                      [00CF2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                             [003D2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                    [003D2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                  [003D2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                        [003D2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                         [003E2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                [003E2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                              [003E2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                    [003E2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                          [00E52EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                 [00E52C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                               [00E52C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\Monitor.exe[3164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                     [00E52C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ATK0100\HControl.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                      [00EB2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ATK0100\HControl.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                             [00EB2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ATK0100\HControl.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]
         

Alt 14.04.2009, 20:29   #13
Janosch12345
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



der zweite teil :



Code:
ATTFilter
IAT             C:\WINDOWS\ATK0100\HControl.exe[3240] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                 [00EB2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                              [00B02EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                     [00B02C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                   [00B02C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Ulead Systems\Ulead InstaMedia 2.2\RMC.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                         [00B02C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                         [00A52EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                [00A52C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                              [00A52C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe[3468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                    [00A52C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Asus ChkMail\ChkMail.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                           [00392EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Asus ChkMail\ChkMail.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                  [00392C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Asus ChkMail\ChkMail.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                [00392C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Asus ChkMail\ChkMail.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                      [00392C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Wireless Console\wcourier.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                      [00A12EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Wireless Console\wcourier.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                             [00A12C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Wireless Console\wcourier.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                           [00A12C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\ASUS\Wireless Console\wcourier.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                 [00A12C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                            [003D2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                   [003D2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                 [003D2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                       [003D2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\SOUNDMAN.EXE[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                              [003C2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\SOUNDMAN.EXE[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                     [003C2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\SOUNDMAN.EXE[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                   [003C2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\SOUNDMAN.EXE[3660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                         [003C2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ALCWZRD.EXE[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                               [00CC2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ALCWZRD.EXE[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                      [00CC2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ALCWZRD.EXE[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                    [00CC2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ALCWZRD.EXE[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                          [00CC2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\WTablet\TabUserW.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                             [003C2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\WTablet\TabUserW.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                    [003C2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\WTablet\TabUserW.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                  [003C2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\WTablet\TabUserW.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                        [003C2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                            [00D12EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                   [00D12C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                 [00D12C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                       [00D12C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ALCMTR.EXE[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                                [00A32EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ALCMTR.EXE[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                       [00A32C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ALCMTR.EXE[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                     [00A32C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\ALCMTR.EXE[3868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                           [00A32C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                         [00BA2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                [00BA2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                              [00BA2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                    [00BA2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[4004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                      [003D2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[4004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]             [003D2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[4004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                           [003D2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[4004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                 [003D2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\DNA\btdna.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                           [003B2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\DNA\btdna.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                  [003B2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\DNA\btdna.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                [003B2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\DNA\btdna.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                      [003B2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Dokumente und Einstellungen\***\Desktop\gmer.exe[4212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                           [00802EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Dokumente und Einstellungen\***\Desktop\gmer.exe[4212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                  [00802C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Dokumente und Einstellungen\***\Desktop\gmer.exe[4212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                [00802C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Dokumente und Einstellungen\***\Desktop\gmer.exe[4212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                      [00802C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe[5312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                 [008A2EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe[5312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                        [008A2C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe[5312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                      [008A2C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe[5312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                            [008A2C60] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Safari\Safari.exe[5652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                       [00F82EC0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Safari\Safari.exe[5652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                              [00F82C30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Safari\Safari.exe[5652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                            [00F82C90] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\Programme\Safari\Safari.exe[5652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]
         

Alt 14.04.2009, 20:30   #14
Janosch12345
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



teil drei:

Code:
ATTFilter
---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Fastfat \FatCdrom                                                                                                                          8758A0E8

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                                              875D59C0
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                                                875D59C0
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                                                   875D59C0
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                                                  875D59C0
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                 875D5C78
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                                 875D5C78
Device          \Driver\Cdrom \Device\CdRom0                                                                                                                           87085638
Device          \FileSystem\Rdbss \Device\FsWrap                                                                                                                       8714E0E8
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                                                 875D5C78
Device          \Driver\NetBT \Device\NetBT_Tcpip_{A69641D1-7770-4C33-B5A1-4AA79CB23A3A}                                                                               873170E8
Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                                                                 875D5C78
Device          \Driver\USBSTOR \Device\000000b3                                                                                                                       87278A90
Device          \Driver\USBSTOR \Device\000000b4                                                                                                                       87278A90
Device          \Driver\USBSTOR \Device\000000b5                                                                                                                       87278A90
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                873170E8
Device          \Driver\USBSTOR \Device\000000b6                                                                                                                       87278A90
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                                       873170E8
Device          \Driver\Disk \Device\Harddisk0\DR0                                                                                                                     875D5450
Device          \Driver\Disk \Device\Harddisk1\DR4                                                                                                                     875D5450
Device          \Driver\Disk \Device\Harddisk1\DP(1)0-0+5                                                                                                              875D5450
Device          \Driver\Disk \Device\Harddisk2\DR6                                                                                                                     875D5450
Device          \Driver\Disk \Device\Harddisk3\DR8                                                                                                                     875D5450
Device          \Driver\Disk \Device\Harddisk3\DP(1)0-0+9                                                                                                              875D5450
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                      8713D0E8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                            8713D0E8
Device          \FileSystem\Npfs \Device\NamedPipe                                                                                                                     872840E8
Device          \Driver\Ftdisk \Device\FtControl                                                                                                                       875D5C78
Device          \FileSystem\Msfs \Device\Mailslot                                                                                                                      87388688
Device          \FileSystem\Fastfat \Fat                                                                                                                               8758A0E8

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                                                 87083608

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                           
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                        C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                        0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                     0x21 0xBE 0xBE 0xC2 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                                  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                            0xB3 0x8A 0x00 0xF2 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                            
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                      0x64 0x62 0x03 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                           
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                        C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                        0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                     0x21 0xBE 0xBE 0xC2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                            0xB3 0x8A 0x00 0xF2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                            
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                      0x8E 0xBB 0x90 0x4A ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                           
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                        C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                        0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                     0x21 0xBE 0xBE 0xC2 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                            0xB3 0x8A 0x00 0xF2 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                            
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                      0x64 0x62 0x03 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                           
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                        C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                        0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                     0x21 0xBE 0xBE 0xC2 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                                  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                            0xB3 0x8A 0x00 0xF2 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                            
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                      0x64 0x62 0x03 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0                                                                                                     -784208758
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                     1522684597
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                     -96415337
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                     1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                    C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                    0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                 0x21 0xBE 0xBE 0xC2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                        0xB3 0x8A 0x00 0xF2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                  0x8E 0xBB 0x90 0x4A ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                           
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                        C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                        0
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                     0x21 0xBE 0xBE 0xC2 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                                  
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                            0xB3 0x8A 0x00 0xF2 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                            
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                      0x8E 0xBB 0x90 0x4A ...

---- EOF - GMER 1.0.15 ----
         
danke für deine Hilfe!!

Alt 14.04.2009, 21:39   #15
undoreal
/// AVZ-Toolkit Guru
 
BOO/Sinowal.A in allen Bootsectoren! - Standard

BOO/Sinowal.A in allen Bootsectoren!



Die logs sind sauber.

die cureit.txt lade bitte bei rapidshare hoch und poste den downloadlink.

Und überprüfe den Rechner bitte abermals nach folgender Anleitung:
http://www.trojaner-board.de/54192-a...tellungen.html

Gibt es Auffäligkeiten am Rechner?
__________________
- Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben -

Antwort

Themen zu BOO/Sinowal.A in allen Bootsectoren!
adobe, antivir, antivir guard, asus, beseitigung, bho, bonjour, boo/sinowal.a, control center, desktop, disabled.securitycenter, excel, explorer, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, pdf, plug-in, programme, registrierungsschlüssel, remote control, security, software, system, trojaner, usb, windows xp




Ähnliche Themen: BOO/Sinowal.A in allen Bootsectoren!


  1. Windows 7: Auf allen Webseiten erscheinen aus allen richtungen Werbebanner und neue Werbefenster werden automatisch göffnet.
    Log-Analyse und Auswertung - 26.04.2015 (7)
  2. Pop-Up Fenster in allen Browsern - Win 7
    Log-Analyse und Auswertung - 23.06.2014 (5)
  3. Werbung in allen Browsern
    Plagegeister aller Art und deren Bekämpfung - 27.11.2013 (12)
  4. BTDs in allen Spielen
    Alles rund um Windows - 04.07.2013 (19)
  5. searchnu.com auf allen suchmaschinen
    Log-Analyse und Auswertung - 24.03.2013 (3)
  6. Werbung in allen Browsern
    Log-Analyse und Auswertung - 06.12.2012 (22)
  7. BOO/Whistler.A auf allen Partitionen
    Plagegeister aller Art und deren Bekämpfung - 12.05.2012 (11)
  8. Wie entferne ich BDS/Sinowal.knfal oder generell Sinowal?
    Plagegeister aller Art und deren Bekämpfung - 31.12.2011 (17)
  9. RKIT/MBR.Sinowal.J ...Boo/Sinowal.C ...W32/Stanit
    Plagegeister aller Art und deren Bekämpfung - 25.02.2011 (15)
  10. BOO/Sinowal.F, auf allen Partitionen
    Plagegeister aller Art und deren Bekämpfung - 07.11.2010 (4)
  11. DNSSEC auf allen Rootservern
    Nachrichten - 06.05.2010 (0)
  12. Ein Dank allen Mitgliedern....
    Lob, Kritik und Wünsche - 06.10.2009 (9)
  13. Plus in allen Leerzeilen
    Plagegeister aller Art und deren Bekämpfung - 21.10.2008 (4)
  14. Treibersuche bei allen USB-Geräten
    Alles rund um Windows - 16.01.2008 (0)
  15. 100% cpu-auslastung bei allen Programmen
    Log-Analyse und Auswertung - 10.11.2007 (0)
  16. Probleme mit allen Browsern
    Log-Analyse und Auswertung - 01.10.2006 (9)

Zum Thema BOO/Sinowal.A in allen Bootsectoren! - Hallo. Ich habe ein Problem. Avira AntiVir zeigt BOO/Sinowal.A im HD3 Master Boot Sector, sowie in den Bootsectoren 'C:/' 'D:/' 'I:/' (ipod) und 'H:/' (externer harddrive) an. Ich bitte euch - BOO/Sinowal.A in allen Bootsectoren!...
Archiv
Du betrachtest: BOO/Sinowal.A in allen Bootsectoren! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.