"autorun.inf ist der Trojaner: TR/Autorun.TE" Meldung beim Anschluss eines USB Sticks

geo-pec

Avira AntiVir Personal
Report file date: 16 June 2008 14:22

Scanning for 1335616 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: AFXPMONAIRDIG02

Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28.05.2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18.03.2008 10:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07.02.2008 09:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28.02.2008 09:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21.02.2008 09:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 11:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.03.2008 14:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14.06.2008 10:37:25
ANTIVIR3.VDF : 7.0.4.202 55296 Bytes 16.06.2008 13:09:00
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 25.02.2008 10:58:21
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 13.06.2008 15:19:56
AESCN.DLL : 8.1.0.21 119156 Bytes 13.06.2008 15:19:38
AERDL.DLL : 8.1.0.20 418165 Bytes 13.06.2008 15:19:26
AEPACK.DLL : 8.1.1.5 364918 Bytes 13.06.2008 15:18:58
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 13.06.2008 15:18:33
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 13.06.2008 15:18:19
AEHELP.DLL : 8.1.0.15 115063 Bytes 13.06.2008 15:15:51
AEGEN.DLL : 8.1.0.28 307572 Bytes 13.06.2008 15:15:12
AEEMU.DLL : 8.1.0.6 430451 Bytes 13.06.2008 15:14:16
AECORE.DLL : 8.1.0.31 168310 Bytes 13.06.2008 15:13:54
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23.01.2008 18:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18.02.2008 11:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 14:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23.01.2008 18:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 09:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28.02.2008 09:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 18:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23.01.2008 18:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 13:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10.03.2008 15:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06.03.2008 13:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: off
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 16 June 2008 14:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'ggwin.exe' - '1' Module(s) have been scanned
Scan process 'CardExec.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'fbserver.exe' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
Scan process 'ramaint.exe' - '1' Module(s) have been scanned
Scan process 'fbguard.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Das Gerät ist nicht bereit.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Das Gerät ist nicht bereit.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Das Gerät ist nicht bereit.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Das Gerät ist nicht bereit.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\DIGuser02\Application Data\Thunderbird\Profiles\go1te8sc.default\Mail\Local Folders\Inbox
[0] Archive type: Netscape/Mozilla Mailbox
--> Mailbox_[Message-ID: <000f01c78040$fdf2ab70$00cd8134@Appointment>][From: "eBay" <meinestory@ebay.de>][Subject: Ebay: Sie haben Ihre Email Adresse geanderter]76.mim
[1] Archive type: MIME
--> 00644.zip
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
--> 00644.zip
[2] Archive type: ZIP
--> Dokument.doc.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.98009
--> Mailbox_[From: "cleverbridge Avira GmbH." <cle@cleverbridge.co][Message-ID: <64297519.20070423115906@cleverbridge.com>][Subject: Referenznr.:595169: Ihre Bestellung von Avira G]92.mim
[1] Archive type: MIME
--> 595169.zip
[2] Archive type: ZIP
--> HBEDV.KEY.exe
[DETECTION] Is the Trojan horse TR/Dldr.iBill.AJ.1
--> Mailbox_[Message-ID: <CD664F03.3274134@northwestern.edu>][From: Antonio <Marta@northwestern.edu>][Subject: RE: Unterlagen]104.mim
[1] Archive type: MIME
--> 64646.zip
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
--> 64646.zip
[2] Archive type: ZIP
--> Vertrag.doc.exe
[DETECTION] Is the Trojan horse TR/Dldr.iBill.AM
--> Mailbox_[Message-ID: <34C81D12.5368055@yrnet.com>][From: Rodrigo <Caroline@yrnet.com>][Subject: RE: Unterlagen]106.mim
[1] Archive type: MIME
--> 57670.zip
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
--> 57670.zip
[2] Archive type: ZIP
--> Vertrag.doc.exe
[DETECTION] Is the Trojan horse TR/Dldr.iBill.AM
--> Mailbox_[Message-ID: <95F89265.7757663@lansheng.net>][From: Eugenia <Glenda@lansheng.net>][Subject: RE: Vertrag]108.mim
[1] Archive type: MIME
--> 29797.zip
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
--> 29797.zip
[2] Archive type: ZIP
--> Vertrag.doc.exe
[DETECTION] Is the Trojan horse TR/Dldr.iBill.AM
--> Mailbox_[Message-ID: <731E5CDE.0640939@nittanylink.com>][From: Blanca <Richie@nittanylink.com>][Subject: RE:]110.mim
[1] Archive type: MIME
--> 79423.zip
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
--> 79423.zip
[2] Archive type: ZIP
--> Vertrag.doc.exe
[DETECTION] Is the Trojan horse TR/Dldr.iBill.AM
--> Mailbox_[Message-ID: <BFEEEDF7.5970521@northwestern.edu>][From: Houston <Ed@northwestern.edu>][Subject: RE: Unterlagen]112.mim
[1] Archive type: MIME
--> 97539.zip
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)
--> 97539.zip
[2] Archive type: ZIP
--> Vertrag.doc.exe
[DETECTION] Is the Trojan horse TR/Dldr.iBill.AM
--> Mailbox_[From: "cleverbridge Avira GmbH" <tech@cleverbridge.][Message-ID: <45552870.20070429074304@cleverbridge.com>][Subject: Referenznr.:595169: Ihre Bestellung von Avira G]132.mim
[1] Archive type: MIME
--> 595169.zip
[DETECTION] Is the Trojan horse TR/Dldr.iBill.Zipped
--> 595169.zip
[2] Archive type: ZIP
--> HBEDV.KEY.exe
[DETECTION] Is the Trojan horse TR/Dldr.iBill.AK
--> Mailbox_[From: "cleverbridge Avira GmbH" <tech@cleverbridge.co][Message-ID: <44915428.20070428074012@cleverbridge.com>][Subject: Referenznr.:595169: Ihre Bestellung von Avira G]136.mim
[1] Archive type: MIME
--> 595169.zip
[DETECTION] Is the Trojan horse TR/Dldr.iBill.Zipped
--> 595169.zip
[2] Archive type: ZIP
--> HBEDV.KEY.exe
[DETECTION] Is the Trojan horse TR/Dldr.iBill.AK
--> Mailbox_[From: "cleverbridge Avira GmbH" <list@cleverbridge.][Message-ID: <232502931.20070428154408@cleverbridge.com>][Subject: Referenznr.:595169: Ihre Bestellung von Avira G]138.mim
[1] Archive type: MIME
--> 595169.zip
[DETECTION] Is the Trojan horse TR/Dldr.iBill.Zipped
--> 595169.zip
[2] Archive type: ZIP
--> HBEDV.KEY.exe
[DETECTION] Is the Trojan horse TR/Dldr.iBill.AK
--> Mailbox_[From: "cleverbridge Avira GmbH." <list@cleverbridge.c][Message-ID: <709964972.20070428195904@cleverbridge.com>][Subject: Referenznr.:595169: Ihre Bestellung von Avira G]140.mim
[1] Archive type: MIME
--> 595169.zip
[DETECTION] Is the Trojan horse TR/Dldr.iBill.Zipped
--> 595169.zip
[2] Archive type: ZIP
--> HBEDV.KEY.exe
[DETECTION] Is the Trojan horse TR/Dldr.iBill.AK
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
C:\Documents and Settings\DIGuser02\My Documents\Wartung\Trojan-board\Flash_Disinfector.exe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.2
[NOTE] The file was moved to '48b76ce9.qua'!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!


End of the scan: 16 June 2008 15:24
Used time: 1:02:02 min

The scan has been done completely.

9025 Scanning directories
628026 Files were scanned
16 viruses and/or unwanted programs were found
6 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
628010 Files not concerned
10559 Archives were scanned
8 Warnings
1 Notes