Pests of all kinds and how to fight them: BOO/Sinowal.e (Windows 7). If you are not sure whether you have picked up malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
22.10.2009, 17:02 | #1
BOO/Sinowal.e

Hi. I pulled a backup for a friend onto my PC and then ran a virus scan. Unfortunately I only learned today from a friend that she NEVER had a virus scanner or up-to-date software on her PC. In any case, I now have a BOO/Sinowal.e in the boot sectors of /c & /d. (The last virus check was about a week earlier.) GMER has now been running for about 4 hours, and I would actually have liked to wipe the machine already, because I don't have the head to fight with the PC. My problem is that there is important data on it (including the backups), and I would like to rescue it without copying BOO/Sinowal.e along with it. Hence my question: how do I best immunize BOO/Sinowal.e so I can still rescue the important data? Thanks in advance. Regards, stb

P.S. Since the Trojan has somehow knocked out my gateway, I have to run everything through the laptop (USB stick, yes!)
22.10.2009, 18:12 | #2

GMER 1.0.15.15163 - GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-22 18:22:45
Windows 5.1.2600 Service Pack 2
Running: mi0mrs4i.bat; Driver: C:\DOKUME~1\stb\LOKALE~1\Temp\pxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xAE654040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xAE650930]
SSDT F7CE53D6 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xAE654510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xAE65A870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xAE65AAA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xAE65DFD0]
SSDT F7CE53CC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xAE654600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xAE650F20]
SSDT F7CE53DB ZwDeleteKey
SSDT F7CE53E5 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xAE65A580]
SSDT sput.sys ZwEnumerateKey [0xF73FACA2]
SSDT sput.sys ZwEnumerateValueKey [0xF73FB030]
SSDT F7CE53EA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xAE650D70]
SSDT sput.sys ZwOpenKey [0xF73DC0C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xAE65A350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xAE65A150]
SSDT sput.sys ZwQueryKey [0xF73FB108]
SSDT sput.sys ZwQueryValueKey [0xF73FAF88]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xAE65D250]
SSDT F7CE53F4 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xAE653C00]
SSDT F7CE53EF ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xAE654220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xAE651120]
SSDT F7CE53E0 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xAE65ACD0]

INT 0x62 ? 8676CBF8
INT 0x73 ? 8676FF00
INT 0x82 ? 8676CBF8
INT 0x94 ? 86433BF8
INT 0xA4 ? 86433BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C14 12 Bytes [10, 45, 65, AE, 70, A8, 65, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 24EC 80501CE4 4 Bytes JMP F0F7CE53
? sput.sys Das System kann die angegebene Datei nicht finden. !
? srescan.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F5F757AE 5 Bytes JMP 864331D8
.text aw0lvo8n.SYS F5E83386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aw0lvo8n.SYS F5E833AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aw0lvo8n.SYS F5E833C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aw0lvo8n.SYS F5E833C9 1 Byte [2E]
.text aw0lvo8n.SYS F5E833C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
? C:\WINDOWS\TEMP\DE.tmp Das System kann die angegebene Datei nicht finden. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73DD040] sput.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73DD13C] sput.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73DD0BE] sput.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73DD7FC] sput.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73DD6D2] sput.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73ED048] sput.sys
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KfAcquireSpinLock] 03087408
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!READ_PORT_UCHAR] 72F93B3F
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KeGetCurrentIrql] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KfRaiseIrql] 86880547
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KfLowerIrql] 00001CBD
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!HalGetInterruptVector] 88084B8A
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!HalTranslateBusAddress] 001CBE8E
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KeStallExecutionProcessor] 40578B00
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!KfReleaseSpinLock] 8D52006A
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 001CC086
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!READ_PORT_USHORT] B1E85000
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000021
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[HAL.dll!WRITE_PORT_UCHAR] 001CB88E
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[WMILIB.SYS!WmiSystemControl] 8900001C
IAT \SystemRoot\System32\Drivers\aw0lvo8n.SYS[WMILIB.SYS!WmiCompleteRequest] 001CC48E
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [AE658CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [AE6591C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [AE658E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [AE659320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
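As an added example (not code from the thread, from GMER or from the helpers here), the Python below is a small triage pass over lines of the shape GMER prints in its "System" and "Kernel code sections" output above. It groups SSDT hooks by the owner GMER printed and flags two things worth a human look: hooks GMER could only attribute to a bare address (no module at all), and hooks owned by a module GMER later reports it could not open on disk (the "? name ... !" lines). The sample lines are shortened, constructed copies of entries in this log. Whether a flagged owner is malicious is a separate question: kernel-mode tools such as the SPTD driver installed by DAEMON Tools (the registry section of this log points at C:\Programme\DAEMON Tools Lite\) hook the same tables, so the output is a worklist, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of GMER's "System" section (shortened copies of
# entries from the log in this thread; not the full log).
SAMPLE_LOG = r"""
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xAE654040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xAE650930]
SSDT F7CE53D6 ZwCreateKey
SSDT F7CE53CC ZwCreateThread
SSDT sput.sys ZwEnumerateKey [0xF73FACA2]
SSDT sput.sys ZwOpenKey [0xF73DC0C0]
? sput.sys Das System kann die angegebene Datei nicht finden. !
? srescan.sys Das System kann die angegebene Datei nicht finden. !
"""

# "SSDT <owner> <ZwFunction> [0xADDR]" where owner is a path with a vendor string,
# a bare file name, or a bare hex address; the address suffix is optional.
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>Zw\w+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?$")
# "? <module> <OS error text> !" : GMER could not read the module from disk.
UNREADABLE_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+.*!\s*$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def classify_owner(owner):
    """Map GMER's owner column to a triage class."""
    if HEX_RE.match(owner):
        return "unattributed_address"   # no module found for this hook address
    if "(" in owner and owner.endswith(")"):
        return "described_module"       # path plus vendor description in parentheses
    return "bare_module"                # file name only, no vendor string


def module_name(owner):
    """Reduce an owner column to its bare file name, lower-cased."""
    return owner.split("(")[0].strip().split("\\")[-1].lower()


def triage_ssdt(log_text):
    """Group SSDT hooks by owner and annotate each owner with its triage class."""
    unreadable = set()
    hooks = defaultdict(list)
    for line in log_text.splitlines():
        m = UNREADABLE_RE.match(line)
        if m:
            unreadable.add(m.group("module").lower())
            continue
        m = SSDT_RE.match(line)
        if m:
            hooks[m.group("owner")].append(m.group("func"))
    findings = []
    for owner, funcs in hooks.items():
        findings.append({
            "owner": owner,
            "class": classify_owner(owner),
            "functions": sorted(funcs),
            "unreadable_on_disk": module_name(owner) in unreadable,
        })
    return findings


def suspicious(findings):
    """Owners worth a human look: no module behind the hook, or a module GMER could not read."""
    return [f for f in findings
            if f["class"] == "unattributed_address" or f["unreadable_on_disk"]]


if __name__ == "__main__":
    for f in suspicious(triage_ssdt(SAMPLE_LOG)):
        print(f["owner"], f["class"], f["functions"], "unreadable" if f["unreadable_on_disk"] else "")
```

On the constructed sample this reports the two bare addresses (F7CE53D6, F7CE53CC) and sput.sys, and leaves the vendor-described vsdatant.sys entries alone. The same regexes apply unchanged to the full "System" section in the post above.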
22.10.2009, 18:16 | #3

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\gmer\mi0mrs4i.bat[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\gmer\mi0mrs4i.bat[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\gmer\mi0mrs4i.bat[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\gmer\mi0mrs4i.bat[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2484] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2484] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2484] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2484] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008D2E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008D2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008D2C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008D2C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[3448] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\svchost.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\svchost.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\svchost.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Analog Devices\Core\smax4pnp.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Analog Devices\Core\smax4pnp.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Analog Devices\Core\smax4pnp.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Analog Devices\Core\smax4pnp.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe[3688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\iTunes\iTunesHelper.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BF2E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\iTunes\iTunesHelper.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BF2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\iTunes\iTunesHelper.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BF2C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\iTunes\iTunesHelper.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BF2C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3900] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3900] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3900] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3900] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2E70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2C30] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2C50] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[4036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2C40] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
22.10.2009, 18:17 | #5

---- Devices - GMER 1.0.15 ----

Device 867D81F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8628B500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\ACPI \Device\00000050 84EE9B00
Device \Driver\ACPI \Device\00000043 84EE9B00
Device \Driver\usbohci \Device\USBPDO-0 864321F8
Device \Driver\ACPI \Device\00000044 84EE9B00
Device \Driver\usbohci \Device\USBPDO-1 864321F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867DA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 867DA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 867DA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 867DA1F8
Device \Driver\ACPI \Device\00000052 84EE9B00
Device \Driver\usbohci \Device\USBPDO-2 864321F8
Device \Driver\PCI_PNP9296 \Device\00000046 sput.sys
Device \Driver\PCI_PNP9296 \Device\00000046 sput.sys
Device \Driver\usbehci \Device\USBPDO-3 86410500
Device \Driver\ACPI \Device\00000060 84EE9B00
Device \Driver\ACPI \Device\00000061 84EE9B00
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\ACPI \Device\00000062 84EE9B00
Device \Driver\Ftdisk \Device\HarddiskVolume1 8676D1F8
Device \Driver\{3E487EF3-162C-4B87-A283C92D853C0551} \Device\RealHardDisk0 DE.tmp
Device \Driver\ACPI \Device\00000064 84EE9B00
Device \Driver\ACPI \Device\00000058 84EE9B00
Device \Driver\Ftdisk \Device\HarddiskVolume2 8676D1F8
Device \Driver\Cdrom \Device\CdRom0 863FA500
Device \Driver\Cdrom \Device\CdRom1 863FA500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8676C1F8
Device \Driver\atapi \Device\Ide\IdePort0 8676C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8676C1F8
Device \Driver\ACPI \Device\00000066 84EE9B00
Device \Driver\Cdrom \Device\CdRom2 863FA500
Device \Driver\ACPI \Device\00000067 84EE9B00
Device \Driver\usbstor \Device\00000076 86291500
Device \Driver\NetBT \Device\NetBt_Wins_Export 85DE91F8
Device \Driver\ACPI \Device\0000004a 84EE9B00
Device \Driver\usbstor \Device\00000079 86291500
Device \Driver\NetBT \Device\NetbiosSmb 85DE91F8
Device \Driver\ACPI \Device\0000004c 84EE9B00
Device \Driver\ACPI \Device\0000004d 84EE9B00
Device \Driver\ACPI \Device\0000005b 84EE9B00
Device \Driver\ACPI \Device\0000004e 84EE9B00
Device \Driver\ACPI \Device\0000005c 84EE9B00
Device \Driver\ACPI \Device\0000004f 84EE9B00
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\ACPI \Device\0000005d 84EE9B00
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\ACPI \Device\0000006a 84EE9B00
Device \Driver\ACPI \Device\0000006b 84EE9B00
Device \Driver\NetBT \Device\NetBT_Tcpip_{24272A5E-6DA1-4CA2-A254-E256ABAA033A} 85DE91F8
Device \Driver\usbohci \Device\USBFDO-0 864321F8
Device \Driver\ACPI \Device\0000006c 84EE9B00
Device \Driver\usbohci \Device\USBFDO-1 864321F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85C6E1F8
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\usbohci \Device\USBFDO-2 864321F8
Device 85C6E1F8
Device \Driver\usbehci \Device\USBFDO-3 86410500
Device \Driver\Ftdisk \Device\FtControl 8676D1F8
Device \Driver\sptd \Device\311370546 sput.sys
Device \Driver\aw0lvo8n \Device\Scsi\aw0lvo8n1Port3Path0Target0Lun0 863CC1F8
Device \Driver\m5288 \Device\Scsi\m52881Port2Path0Target0Lun0 867D91F8
Device \Driver\m5288 \Device\Scsi\m52881 867D91F8
Device \Driver\aw0lvo8n \Device\Scsi\aw0lvo8n1 863CC1F8
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF6 0xB0 0x54 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEB 0x8A 0x9E 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x09 0x0A 0x17 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF6 0xB0 0x54 0x5F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEB 0x8A 0x9E 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x3D 0xA4 0x87 ...

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\Bild 015.jpg 1345746 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\Bild 017.jpg 1528504 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail 0 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\01-t.i.-56_barz.mp3 3179803 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\02-t.i.-im_illy.mp3 4434824 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\03-t.i.-ready_for_whatever.mp3 5567395 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\04-t.i.-on_top_of_the_world_(ft._ludacris_and_b.o.b).mp3 5352708 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\05-t.i.-live_your_life_(ft._rihanna).mp3 5479914 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\06-t.i.-whatever_you_like.mp3 4840010 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\07-t.i.-no_matter_what.mp3 5076882 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\08-t.i.-my_life_your_entertainment_(ft._usher).mp3 6297011 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\09-t.i.-porn_star.mp3 3650400 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\10-t.i.-swing_ya_rag_(ft._swizz_beatz).mp3 3235998 bytes
File C:\Dokumente und Einstellungen\stb\Eigene Dateien\ICQ\*********\ReceivedFiles\*********\T.I. - Paper Trail\11-t.i.-what_up_whats_haapnin.mp3 3707904 bytes

---- EOF - GMER 1.0.15 ----
22.10.2009, 18:24 | #6 | |
| BOO/Sinowal.e Quote: I'll give it a try right away, thanks. |
22.10.2009, 18:33 | #7 |
| BOO/Sinowal.e The problem with MSE is that I need a working Internet connection to update it, and as I already mentioned in the first post, I don't have one. So MSE is of no use to me right now. |
22.10.2009, 18:39 | #8 | |
| BOO/Sinowal.e What do you mean by that? Quote:
|
22.10.2009, 18:51 | #9 |
| BOO/Sinowal.e By that I mean that I download the stuff on the laptop (which has no burner and is an old ******* box) and move it to my PC by USB stick, because, as already mentioned, I have no Internet connection due to the Trojan. (It may well be that this is a security setting of Antivir (which I discovered the Trojan with), so that the data recorded up to now isn't transmitted to the net.) |
22.10.2009, 18:52 | #10 |
| BOO/Sinowal.e Also download this stand-alone scanner: VIPRERescue5463.exe. Info at Sunbelt. This scanner is up to date, so it needs no updates via the Internet. |
22.10.2009, 18:56 | #11 |
| BOO/Sinowal.e Last edited by Argus (22.10.2009 at 19:48) |
22.10.2009, 19:00 | #12 |
/// Selecta Jahrusso | BOO/Sinowal.e edit your thread
__________________ regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Academy Last edited by Larusso (22.10.2009 at 19:21) |
22.10.2009, 19:17 | #13 |
| BOO/Sinowal.e Last edited by Argus (22.10.2009 at 19:49) |
22.10.2009, 19:29 | #14 |
| BOO/Sinowal.e Code:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
Code:
OTL logfile created on: 22.10.2009 20:11:20 - Run 1
OTL by OldTimer - Version 3.0.21.0
< End of report > |
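The mbr.exe output in this post reports three findings: a copy of the MBR stored in a high sector, code in sector 0 that is not the expected loader, and a PE image sitting in raw sectors. As an added example that is not part of this thread or of Gmer's tool, the following Python script applies those same three checks to a raw disk image examined offline (for instance one taken from a rescue medium); the baseline loader bytes, the image layout and the sample sectors are all constructed assumptions, and the 0x5000-style offsets from the real log are not reused.

```python
# Added example, not code from this thread or from Gmer's mbr.exe: an offline
# check of a raw disk image for the three findings the mbr.exe output reports
# (bootstrap code in sector 0 not the expected loader, the original MBR stashed
# in a later sector, a PE image stored in raw sectors). All sample data is
# constructed inline; the baseline loader bytes are a stand-in, not real code.
import struct
from dataclasses import dataclass, field

SECTOR = 512
BOOT_SIG = b"\x55\xaa"   # bytes 510..511 of a valid MBR
BOOTCODE_LEN = 440       # bootstrap code precedes the 4-byte disk signature
PTABLE_OFF = 446         # four 16-byte partition entries


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class MbrReport:
    bootcode_matches_baseline: bool
    partitions: list
    baseline_copies: list = field(default_factory=list)  # sectors holding the expected loader
    pe_sectors: list = field(default_factory=list)       # sectors that begin a raw PE image

    @property
    def suspicious(self) -> bool:
        # Sector 0 no longer carries the expected loader, yet that loader is still
        # present elsewhere on the disk: the layout an MBR bootkit leaves behind.
        return not self.bootcode_matches_baseline and bool(self.baseline_copies)


def parse_partitions(sector0: bytes) -> list:
    """Parse the classic MBR partition table; raises if the 55AA signature is missing."""
    if len(sector0) < SECTOR or sector0[510:512] != BOOT_SIG:
        raise ValueError("sector 0 has no 55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector0[PTABLE_OFF + 16 * i: PTABLE_OFF + 16 * (i + 1)]
        status, type_id = entry[0], entry[4]
        lba, count = struct.unpack_from("<II", entry, 8)
        if type_id != 0:
            parts.append(Partition(status == 0x80, type_id, lba, count))
    return parts


def is_pe_start(image: bytes, sector: int) -> bool:
    """True if the sector starts with an MZ header whose e_lfanew points at a PE signature."""
    off = sector * SECTOR
    if image[off:off + 2] != b"MZ" or off + 0x40 > len(image):
        return False
    e_lfanew = struct.unpack_from("<I", image, off + 0x3C)[0]
    return image[off + e_lfanew: off + e_lfanew + 4] == b"PE\0\0"


def scan_image(image: bytes, baseline_bootcode: bytes) -> MbrReport:
    """baseline_bootcode: the 440 bytes sector 0 is expected to hold, taken from a
    trusted MBR of the same OS (an assumption of this example, not of mbr.exe)."""
    sector0 = image[:SECTOR]
    report = MbrReport(sector0[:BOOTCODE_LEN] == baseline_bootcode,
                       parse_partitions(sector0))
    for s in range(1, len(image) // SECTOR):
        off = s * SECTOR
        if image[off:off + BOOTCODE_LEN] == baseline_bootcode:
            report.baseline_copies.append(s)
        if is_pe_start(image, s):
            report.pe_sectors.append(s)
    return report


def build_sample_image() -> tuple:
    """Constructed 64-sector image that reproduces the reported layout in miniature."""
    baseline = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 435        # stand-in for a clean loader
    ptable = (b"\x80" + bytes(3) + b"\x07" + bytes(3)           # one bootable NTFS entry
              + struct.pack("<II", 63, 1000) + bytes(48))
    clean_mbr = baseline + bytes(6) + ptable + BOOT_SIG
    hooked_mbr = b"\xeb" * BOOTCODE_LEN + clean_mbr[BOOTCODE_LEN:]  # code swapped, table kept
    sectors = [hooked_mbr] + [bytes(SECTOR)] * 63
    sectors[50] = clean_mbr                                     # original MBR stashed here
    pe = bytearray(SECTOR)                                      # minimal MZ/PE header stub
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)
    pe[0x80:0x84] = b"PE\0\0"
    sectors[60] = bytes(pe)
    return b"".join(sectors), baseline


if __name__ == "__main__":
    img, base = build_sample_image()
    rep = scan_image(img, base)
    print("sector 0 matches baseline:", rep.bootcode_matches_baseline)
    print("copies of baseline MBR in sectors:", rep.baseline_copies)
    print("raw PE images start in sectors:", rep.pe_sectors)
    print("partitions:", rep.partitions)
    print("bootkit-like layout:", rep.suspicious)
```

On a real image, read sector 0 and the candidate sectors with the same 512-byte slicing and supply the baseline from a trusted installation of the same Windows release; a mismatch alone is not proof, but a mismatch plus a stashed copy is the pattern to escalate.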
22.10.2009, 19:31 | #15 |
| BOO/Sinowal.e Code:
OTL Extras logfile created on: 22.10.2009 20:11:20 - Run 1
OTL by OldTimer - Version 3.0.21.0
Last edited by stb (22.10.2009 at 19:49) |