Antivirus, firewall and other protection programs: BOO/Sinowal.E

All questions about using firewalls, anti-virus programs, anti-malware and anti-trojan software belong here. This is a discussion forum for security solutions for Windows computers. If you need help removing a trojan or because you caught a virus, open a thread in the cleanup forums above.
#29
BOO/Sinowal.E

Good morning! I ran GMER yesterday evening/night and left the PC on overnight because it got too late for me. I'm copying the logfile for you.

Ciao
Kati

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-17 09:24:10
Windows 5.1.2600 Service Pack 3
Running: vn7ffojs.exe; Driver: C:\DOCUME~1\kadu\CONFIG~1\Temp\pxtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT F7D5FC46 ZwCreateKey
SSDT F7D5FC3C ZwCreateThread
SSDT F7D5FC4B ZwDeleteKey
SSDT F7D5FC55 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xF7544FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF7545340]
SSDT F7D5FC5A ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xF753F0B0]
SSDT F7D5FC28 ZwOpenProcess
SSDT F7D5FC2D ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF7545418]
SSDT sptd.sys ZwQueryValueKey [0xF7545298]
SSDT F7D5FC64 ZwReplaceKey
SSDT F7D5FC5F ZwRestoreKey
SSDT F7D5FC50 ZwSetValueKey
SSDT \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF542B0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [B0, 42, F5] {MOV AL, 0x42; CMC }
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6A248AC 5 Bytes JMP 8595F5F8
? System32\Drivers\a4wmjw2h.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F755606C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7556018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75789AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F755606C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F753FAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F753FC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F753FB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7540748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F754061E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F755529A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85B6C1E8
Device \FileSystem\Fastfat \FatCdrom 85748790
Device \FileSystem\Udfs \UdfsCdRom 854511E8
Device \FileSystem\Udfs \UdfsCdRom BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)
Device \FileSystem\Udfs \UdfsDisk 854511E8
Device \FileSystem\Udfs \UdfsDisk BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)
Device \Driver\usbuhci \Device\USBPDO-0 8595E1E8
Device \Driver\usbuhci \Device\USBPDO-1 8595E1E8
Device \Driver\usbuhci \Device\USBPDO-2 8595E1E8
Device \Driver\PCI_NTPNP7426 \Device\00000054 sptd.sys
Device \Driver\usbehci \Device\USBPDO-3 8593C1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 85B6E1E8
Device \Driver\Cdrom \Device\CdRom0 8592F688
Device \Driver\Cdrom \Device\CdRom1 8592F688
Device \Driver\atapi \Device\Ide\IdePort0 [F7499B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7499B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort1 [F7499B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7499B40] atapi.sys[unknown section]
Device \Driver\NetBT \Device\NetBT_Tcpip_{64970D6B-8D20-4A65-AD29-FF3B4E0C0D86} 854531E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 854531E8
Device \Driver\NetBT \Device\NetbiosSmb 854531E8
Device \Driver\usbuhci \Device\USBFDO-0 8595E1E8
Device \Driver\usbuhci \Device\USBFDO-1 8595E1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85269790
Device \Driver\usbuhci \Device\USBFDO-2 8595E1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85269790
Device \Driver\usbehci \Device\USBFDO-3 8593C1E8
Device \Driver\Ftdisk \Device\FtControl 85B6E1E8
Device \Driver\a4wmjw2h \Device\Scsi\a4wmjw2h1 858361E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 85B6D1E8
Device \Driver\a4wmjw2h \Device\Scsi\a4wmjw2h1Port3Path0Target0Lun0 858361E8
Device \FileSystem\Fastfat \Fat 85748790
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 853E31E8
Device \FileSystem\Cdfs \Cdfs BsUDF.SYS (UDF File System Driver (WindowsXP)/B.H.A Co.,Ltd.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50716c
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Archivos de programa\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x94 0xB5 0xE7 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x95 0xF9 0x83 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8F 0x0C 0x05 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd50716c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Archivos de programa\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x94 0xB5 0xE7 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x95 0xF9 0x83 0x2C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8F 0x0C 0x05 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{866E5309-4DE4-EC1D-5303B5015403F078}\{E4D7DA31-B59C-2F42-84703E9617E7637D}\{F8D6A80B-EA06-4220-85CE61582D500BD8}
Reg HKLM\SOFTWARE\Classes\CLSID\{866E5309-4DE4-EC1D-5303B5015403F078}\{E4D7DA31-B59C-2F42-84703E9617E7637D}\{F8D6A80B-EA06-4220-85CE61582D500BD8}@LBML3FZBDBDV3BUIEQZJ1CU1HB1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----
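A GMER log of this length is easier to triage mechanically than by eye. The script below is an added example, not part of Kati's post and not code from GMER: it parses the 1.0.15 text layout as pasted above and separates the SSDT hooks GMER could attribute to a module (sptd.sys, SASKUTIL.sys) from the bare-address hooks it could not, lists the drivers GMER failed to open, and flags device objects whose dispatch pointer lies outside any known section. The embedded sample is a constructed subset of the log above (OS error messages translated), the page-based clustering of unattributed hooks is a heuristic of this example rather than a GMER feature, and all function names are this example's own.

```python
"""Triage helper for GMER 1.0.15 text logs.

Added example for this thread: not part of GMER and not the poster's code.
It splits the SSDT section into hooks GMER attributed to a module and bare
addresses it could not, and pulls out the drivers GMER failed to open and
the device objects whose dispatch pointer lies outside any known section.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the log quoted above,
# with the OS error messages translated to English.
SAMPLE_LOG = r"""GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-17 09:24:10
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT F7D5FC46 ZwCreateKey
SSDT sptd.sys ZwEnumerateKey [0xF7544FB2]
SSDT sptd.sys ZwOpenKey [0xF753F0B0]
SSDT F7D5FC28 ZwOpenProcess
SSDT F7D5FC50 ZwSetValueKey
SSDT \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF542B0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [B0, 42, F5] {MOV AL, 0x42; CMC }
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6A248AC 5 Bytes JMP 8595F5F8
? System32\Drivers\a4wmjw2h.SYS The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [F7499B40] atapi.sys[unknown section]
Device \Driver\a4wmjw2h \Device\Scsi\a4wmjw2h1 858361E8
"""

# Line shapes of the GMER 1.0.15 text report (as pasted above).
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<hook>.+?)\s+(?P<func>Zw\w+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?$")
BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
UNREADABLE_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.*?)\s*!?$")
PATCH_RE = re.compile(
    r"^\.text\s+(?P<symbol>.+?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+(?P<detail>.*)$")
UNKNOWN_SECTION_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<module>[^\s\[]+)\[unknown section\]$")


def module_name(hook):
    """Reduce '\\??\\C:\\...\\SASKUTIL.sys (vendor text)' to 'SASKUTIL.sys'."""
    return hook.split(" (", 1)[0].rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Return the hook, patch and device findings of one GMER text log."""
    report = {
        "ssdt_attributed": defaultdict(list),  # module -> [Zw function, ...]
        "ssdt_unattributed": [],               # [(address, Zw function), ...]
        "unreadable_drivers": [],              # [(path, error message), ...]
        "code_patches": [],                    # [(symbol, address, byte count, detail), ...]
        "unknown_section_devices": [],         # [(driver, device, address, module), ...]
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if m := SSDT_RE.match(line):
            hook, func = m.group("hook"), m.group("func")
            if BARE_ADDR_RE.match(hook):
                report["ssdt_unattributed"].append((hook.upper(), func))
            else:
                report["ssdt_attributed"][module_name(hook)].append(func)
        elif m := UNREADABLE_RE.match(line):
            report["unreadable_drivers"].append((m.group("path"), m.group("msg")))
        elif m := PATCH_RE.match(line):
            report["code_patches"].append(
                (m.group("symbol"), m.group("addr").upper(), int(m.group("n")), m.group("detail")))
        elif m := UNKNOWN_SECTION_RE.match(line):
            report["unknown_section_devices"].append(
                (m.group("driver"), m.group("device"), m.group("addr").upper(), m.group("module")))
    report["ssdt_attributed"] = dict(report["ssdt_attributed"])
    return report


def cluster_unattributed(report, page_bits=12):
    """Group bare-address SSDT hooks by the 4 KiB page their target lies in.
    Heuristic of this example, not a GMER feature: hook targets packed into one
    page were almost certainly installed by a single driver."""
    pages = defaultdict(list)
    for addr, func in report["ssdt_unattributed"]:
        pages[int(addr, 16) >> page_bits].append(func)
    result = {}
    for page, funcs in pages.items():
        base = page << page_bits
        result[f"0x{base:08X}"] = sorted(funcs)
    return result


def findings(report):
    """One plain-text line per item that deserves a second look."""
    out = []
    for base, funcs in cluster_unattributed(report).items():
        out.append(f"{len(funcs)} SSDT hooks with no module attribution near {base}: {', '.join(funcs)}")
    for module, funcs in report["ssdt_attributed"].items():
        out.append(f"{len(funcs)} SSDT hooks attributed to {module}")
    for path, msg in report["unreadable_drivers"]:
        out.append(f"driver could not be read: {path} ({msg})")
    for driver, device, addr, module in report["unknown_section_devices"]:
        out.append(f"{device} ({driver}) dispatches to {addr}, outside any section of {module}")
    return out


if __name__ == "__main__":
    for item in findings(parse_gmer(SAMPLE_LOG)):
        print(item)
```

Run against the full log, the attributed hooks all land on sptd.sys (the Alcohol 120 path shows up under its Cfg key in the registry section) and SASKUTIL.sys, while the remaining SSDT hooks sit in one page at 0xF7D5F000; the unreadable a4wmjw2h.SYS and the atapi.sys dispatch pointers marked "[unknown section]" are the entries a helper would ask about next, since the log alone does not say which driver owns them.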