Help: Trojan Win32.Sinowal.aha

I use Kaspersky, and on every scan it reports: trojan program Backdoor.Win32.Sinowal.aha, drive sector :\Device\Harddisk1\DR1

Reinstalling did not help! Could it be that the trojan has embedded itself in the MBR???

I NEED HELP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:40, on 23.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programme\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Programme\Analog Devices\Core\smax4pnp.exe
E:\Programme\Analog Devices\SoundMAX\Smax4.exe
E:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\acs.exe
E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
E:\Programme\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\WINDOWS\system32\nvsvc32.exe
e:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
E:\Programme\DAEMON Tools Lite\daemon.exe
E:\Programme\Pinnacle\MediaCenter\PMC.exe
E:\WINDOWS\System32\svchost.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
E:\Dokumente und Einstellungen\curi0u5\Desktop\windows-kb890830-v2.6.exe
c:\460590267388d6aaf6b4a0785835bc\mrtstub.exe
E:\WINDOWS\system32\MRT.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\Programme\QIP\qip.exe
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVP] "E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ad-Watch] E:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "E:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] E:\Programme\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232713940828
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - E:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - E:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - e:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - e:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe

--
End of file - 5128 bytes

How do I get rid of this trojan???
Copyright ©2000-2025, Trojaner-Board