
Pests of all kinds and how to combat them: BOO/Sinowal.A

19.04.2009, 15:54   #16
Simon01
 
AntiVir still finds BOO/Sinowal.A; here is the report:
Code:
Avira AntiVir Personal
Report file date: Sonntag, 19. April 2009  15:50

Scanning for 1356201 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : NB-***

Version information:
BUILD.DAT       : 9.0.0.387     17962 Bytes  24.03.2009 11:04:00
AVSCAN.EXE      : 9.0.3.3      464641 Bytes  24.02.2009 10:13:26
AVSCAN.DLL      : 9.0.3.0       40705 Bytes  27.02.2009 08:58:24
LUKE.DLL        : 9.0.3.2      209665 Bytes  20.02.2009 09:35:49
LUKERES.DLL     : 9.0.2.0       12033 Bytes  27.02.2009 08:58:52
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  27.10.2008 10:30:36
ANTIVIR1.VDF    : 7.1.2.12    3336192 Bytes  11.02.2009 18:33:26
ANTIVIR2.VDF    : 7.1.3.63    1588224 Bytes  16.04.2009 13:45:31
ANTIVIR3.VDF    : 7.1.3.73      25088 Bytes  18.04.2009 13:45:31
Engineversion   : 8.2.0.148
AEVDF.DLL       : 8.1.1.0      106868 Bytes  27.01.2009 15:36:42
AESCRIPT.DLL    : 8.1.1.75     373113 Bytes  19.04.2009 13:45:35
AESCN.DLL       : 8.1.1.10     127348 Bytes  19.04.2009 13:45:34
AERDL.DLL       : 8.1.1.3      438645 Bytes  29.10.2008 16:24:41
AEPACK.DLL      : 8.1.3.14     397685 Bytes  19.04.2009 13:45:34
AEOFFICE.DLL    : 8.1.0.36     196987 Bytes  26.02.2009 18:01:56
AEHEUR.DLL      : 8.1.0.119   1724791 Bytes  19.04.2009 13:45:34
AEHELP.DLL      : 8.1.2.2      119158 Bytes  26.02.2009 18:01:56
AEGEN.DLL       : 8.1.1.36     340341 Bytes  19.04.2009 13:45:32
AEEMU.DLL       : 8.1.0.9      393588 Bytes  09.10.2008 12:32:40
AECORE.DLL      : 8.1.6.9      176500 Bytes  19.04.2009 13:45:31
AEBB.DLL        : 8.1.0.3       53618 Bytes  09.10.2008 12:32:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12.12.2008 06:47:59
AVPREF.DLL      : 9.0.0.1       43777 Bytes  05.12.2008 08:32:15
AVREP.DLL       : 8.0.0.3      155905 Bytes  20.01.2009 12:34:28
AVREG.DLL       : 9.0.0.0       36609 Bytes  05.12.2008 08:32:09
AVARKT.DLL      : 9.0.0.1      292609 Bytes  09.02.2009 05:52:24
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes  30.01.2009 08:37:08
SQLITE3.DLL     : 3.6.1.0      326401 Bytes  28.01.2009 13:03:49
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes  02.02.2009 06:21:33
NETNT.DLL       : 9.0.0.0       11521 Bytes  05.12.2008 08:32:10
RCIMAGE.DLL     : 9.0.0.21    2438401 Bytes  09.02.2009 09:45:45
RCTEXT.DLL      : 9.0.35.0      87297 Bytes  11.03.2009 13:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Sonntag, 19. April 2009  15:50

Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting search for hidden objects.
'38943' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'Crazy Browser.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'PDFBackend.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'openvpn-gui.exe' - '1' Module(s) have been scanned
Scan process 'ZoomingHook.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'TMERzCtl.exe' - '1' Module(s) have been scanned
Scan process 'TMEEJME.exe' - '1' Module(s) have been scanned
Scan process 'FnKeyHook.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'CeEKey.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'TMESRV31.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
    [WARNING]   The boot sector cannot be repaired! You can find more information in the help

Start scanning boot sectors:

Starting to scan executable files (registry).
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\uninstall.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
    [WARNING]   The file could not be opened!

The registry was scanned ( '64' files ).


Starting the file scan:

Begin scan in 'C:\' <System>
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\backup\WINDOWS\system32\spool\drivers\w32x86\3\EB3ST000.DAT
  [0] Archive type: CAB SFX (self extracting)
    --> \AGENTNT_t\SAgentNT.exe
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
    [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\backup\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_color_88fffa\EB3ST000.DAT
  [0] Archive type: CAB SFX (self extracting)
    --> \AGENTNT_t\SAgentNT.exe
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
    [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\uninstall.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
    [WARNING]   The file could not be opened!
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP70\A0016557.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP81\A0023631.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP81\A0024790.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP83\A0028175.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP84\A0029570.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP85\A0030589.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0D2RGTIJ\01[1].exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

Beginning disinfection:
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\uninstall.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
    [WARNING]   An error has occurred and the file was not deleted. ErrorID: 26004
    [WARNING]   The source file could not be found.
    [NOTE]      Attempting to perform action using the ARK library.
    [NOTE]      The file was moved to '4a543add.qua'!
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\uninstall.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
    [WARNING]   An error has occurred and the file was not deleted. ErrorID: 26004
    [WARNING]   The source file could not be found.
    [NOTE]      Attempting to perform action using the ARK library.
    [WARNING]   Error in ARK library
    [NOTE]      The file is scheduled for deleting after reboot.
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP70\A0016557.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4a1b3ac5.qua'!
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP81\A0023631.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4c44205e.qua'!
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP81\A0024790.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
    [NOTE]      The file was moved to '4c4631ce.qua'!
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP83\A0028175.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
    [NOTE]      The file was moved to '4c41c1be.qua'!
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP84\A0029570.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
    [NOTE]      The file was moved to '4c7a10ee.qua'!
C:\System Volume Information\_restore{99967BEE-8B20-4464-BBC6-E84909D63494}\RP85\A0030589.exe
    [DETECTION] Is the TR/Drop.Age.tpfi.44 Trojan
    [NOTE]      The file was moved to '4c790b36.qua'!
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0D2RGTIJ\01[1].exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE]      The file was moved to '4a463ac6.qua'!


End of the scan: Sonntag, 19. April 2009  16:52
Used time:  1:00:50 Hour(s)

The scan has been done completely.

   8433 Scanned directories
 339016 Files were scanned
     10 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      8 Files were moved to quarantine
      0 Files were renamed
      3 Files cannot be scanned
 339004 Files not concerned
   7941 Archives were scanned
      8 Warnings
     10 Notes
  38943 Objects were scanned with rootkit scan
      0 Hidden objects were found
         
