Bootsektor Virus "BOO/Sinowal.A"

gustl123 · 12.06.2008, 21:08

AntiVir hat mir gemeldet, dass es einen Bootsektor Virus: "BOO/Sinowal.A" gefunden hat. Der Virus kann aber nicht gelöscht werden. Wie kann ich den Virus löschen? Was macht der Virus mit meinem PC? Es läuft eigendlich alles normal - Trojaner? Wie kann ich meine Daten ohne den Virus sichern, damit ich falls nötig formatieren kann? Könnt ihr bitte mein Logfile auswerten?

----------------------------------------------------------------------------
HijackThis Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:09, on 11.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Programme\Locate32\Locate32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [zoneLINK MultiCore Optimizer] "C:\Program Files\zoneLINK\MultiCore Optimizer\MultiCoreOptimizer.exe" -TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Locate32 Autorun.lnk = ?
O4 - Global Startup: TrekStor NDAS-Geräte-Manager.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0-Lizenzierungsdienst (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Benutzer\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 8338 bytes

myrtille · 12.06.2008, 21:45

Hi,
erstmal würde ich gern sichergehen, dass der gefundene Virus auf deinem Rechner ist:

Während des Scans soll(en):

alle anderen Scanner gegen Viren, Spyware, usw deaktiviert sein
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen)
nichts am Rechner getan werden
nach jedem Scan der Rechner neu gestartet werden

Gmer scannen lassen

Lade dir GMER von dieser Seite runter und entpacke es auf deinen Desktop.
Starte gmer.exe. Alle anderen Programme sollen geschlossen sein.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird GMER beendet.
Füge das Log aus der Zwischenablage in deine Antwort hier ein.

Poste das Log dann bitte hier

Erstelle zur Kontrolle bitte auch ein Log mit DSS:
DSS

Lade dir DSS
Schließe alle Anwendungen und führe DSS.exe dann mit einem Doppelklick aus
Führe während DSS arbeitet bitte keine anderen Aktionen durch
Am Ende öffnen sich 2 Datein main.txt und extra.txt
Poste den Inhalt beider Dateien hier

Poste bitte auch das Log von Antivir, indem der Befall gefunden wird.

lg myrtille

gustl123 · 13.06.2008, 22:19

Hier meine Logs:

Gmer.exe:

Zitat:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-13 23:00:37
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.14 ----

SSDT A89C6594 ZwCreateThread
SSDT A89C6580 ZwOpenProcess
SSDT A89C6585 ZwOpenThread
SSDT A89C658F ZwTerminateProcess
SSDT A89C658A ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!KeInsertQueue + 411 824889C8 4 Bytes [ 94, 65, 9C, A8 ]
.text ntoskrnl.exe!KeInsertQueue + 5E1 82488B98 4 Bytes [ 80, 65, 9C, A8 ]
.text ntoskrnl.exe!KeInsertQueue + 5FD 82488BB4 4 Bytes [ 85, 65, 9C, A8 ]
.text ntoskrnl.exe!KeInsertQueue + 811 82488DC8 4 Bytes [ 8F, 65, 9C, A8 ]
.text ntoskrnl.exe!KeInsertQueue + 871 82488E28 4 Bytes [ 8A, 65, 9C, A8 ]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!GetScrollPos 75FDC090 5 Bytes JMP 1004EF50 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!GetScrollRange 75FDC33B 5 Bytes JMP 1004EF80 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!SetScrollRange 75FDE173 5 Bytes JMP 1004F040 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!GetSysColorBrush 75FDEECC 5 Bytes JMP 100442C0 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!GetScrollInfo 75FE0804 7 Bytes JMP 1004EF10 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!ShowScrollBar 75FE0E7C 5 Bytes JMP 1004F090 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!SetScrollInfo 75FE8663 7 Bytes JMP 1004EFC0 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!GetSysColor 75FE9D02 5 Bytes JMP 10044280 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!DrawFrameControl 75FF6825 7 Bytes JMP 10043420 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!EnableScrollBar 75FFB11E 7 Bytes JMP 1004EED0 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe[2148] USER32.dll!SetScrollPos 76003A1E 5 Bytes JMP 1004F000 C:\Program Files\Tobit ClipInc\Player\TOBITCLT.dll
.text C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe[3016] kernel32.dll!SetUnhandledExceptionFilter 76DF6E2D 5 Bytes JMP 0048DC60 C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\system32\SearchProtocolHost.exe[6016] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [6AB5DB6B] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[6016] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [6AB5DB6B] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[6016] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [6AB5DB6B] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[6016] @ C:\Windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [6AB5DB6B] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs lfsfilt.sys (NDAS LFS Filter/XIMETA, Inc.)

AttachedDevice \FileSystem\Ntfs \Ntfs oodisrh.sys (O&O DiskImage Snapshot/Restore Helper Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 oodivd.sys (O&O DiskImage Virtual Disk Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 oodivd.sys (O&O DiskImage Virtual Disk Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 oodivd.sys (O&O DiskImage Virtual Disk Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 oodivd.sys (O&O DiskImage Virtual Disk Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 oodivd.sys (O&O DiskImage Virtual Disk Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 oodivd.sys (O&O DiskImage Virtual Disk Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 oodivd.sys (O&O DiskImage Virtual Disk Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat oodisrh.sys (O&O DiskImage Snapshot/Restore Helper Driver (Win32)/O&O Software GmbH)
AttachedDevice \FileSystem\fastfat \Fat lfsfilt.sys (NDAS LFS Filter/XIMETA, Inc.)

---- Threads - GMER 1.0.14 ----

Thread 4:432 8694F7D0
Thread 4:440 8694F7D0
Thread 4:444 86980EB0
Thread 4:448 86980EB0
Thread 4:452 86980EB0

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODI01.00.00.01PRO 6EC47AC3AC53E85D2DFDB411CE6512504C75A822DD506BDD29521906AC2420611A689574E086F187C8994DD5DEFDCD04248EF11D370CFC0DDC382870B39ED9AD72250CA26D461FE75725C4 76F049BFA298C1234075FA4FECA27C56C4A369820A87683078ED5D3458E80CF485722002FADB183E2277207761ECE6703E6BD6C68FADD736F70307954653F01CE5554C5470E2CE2DAB9FF3 ABE174F1A6EB7FAA77EA7D4BB8F350774CB5AE255ED0100E197A69D7B99CD5E2C9FB34CA0DAF571E0ADC504CB3948054883B593440521B9757236B59150483CBD0506AD69CC0EDDD17BBCA 9B0AD53FB79B0273D82C4DF48F3A8A2DAB50C917FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79 33A2D97226D213B5555D575E7D6A3B98089DB7CE019D40AA5C56A8AFAB363543FC63869F7C196531491AEF9EA33F884FF2C1F25DF5FAB5C1D567973122A1C4F5492DF8CA20C0B5F61966ED B12CA39E941002C59658A63260884C92732ADD4E721475817E48062403367048E3B94CE454A5A29C6035E10669A85843197DDE958EF29AA3CF50F99C3324477AE1E8080E914C790D9B88D7 4E2600D0775718CDBFF97FEF08EA5761ED3A7067266B98D934229F56CF3E12670C305BEEA279BC87D8B2D8BCF70E3D374A1C28C70D546B775330BEF9BF5

---- EOF - GMER 1.0.14 ----

gustl123 · 13.06.2008, 22:27

DSS.exe Logs:

Die logs sidn zu lang um sie hier zum posten, darum hab ich sie als txt datei bei file.upload hochgeladen!

Main.txt: File-Upload.net - Ihr kostenloser File Hoster!
Extra.txt: File-Upload.net - Ihr kostenloser File Hoster!
AntiVir Log: File-Upload.net - Ihr kostenloser File Hoster!

gustl123 · 14.06.2008, 09:02

Ich hab jetzt mal Kaskersky Internet Security 2009 installiert und damit nach dem Virus gesucht. Er hat aber nichts gefunden.

myrtille · 15.06.2008, 16:23

Hi,
Tja, Kaspersky vielleicht nicht, aber Antivir und GMER finden etwas.

Es ist übrigens nicht zu empfehlen mehrere Antivirenprogramme auf einmal zu installieren. Das reduziert die Sicherheit deines Systems!.

Lade dir bitte mbr detector herunter und führe ihn aus.

Poste das Log bitte hier.

lg myrtille

15.06.2008, 16:23	#6
myrtille /// TB-Ausbilder	Bootsektor Virus "BOO/Sinowal.A" Hi, Tja, Kaspersky vielleicht nicht, aber Antivir und GMER finden etwas. Es ist übrigens nicht zu empfehlen mehrere Antivirenprogramme auf einmal zu installieren. Das reduziert die Sicherheit deines Systems!. Lade dir bitte mbr detector herunter und führe ihn aus. Poste das Log bitte hier. lg myrtille __________________ --> Bootsektor Virus "BOO/Sinowal.A"

Bootsektor Virus "BOO/Sinowal.A"

Log-Analyse und Auswertung: Bootsektor Virus "BOO/Sinowal.A"