
Log Analysis and Evaluation: Boo Whistler in the master boot sector


 
01.09.2011, 15:42   #1
Raul-Pang
 



Hello!
I saw that a thread on the same topic was opened recently. However, the procedure is very individual, and I hope it is okay that I have opened a thread as well. Otherwise I can also follow the steps in the other thread and post my logs there.

AntiVir shows me this message:
"A virus or
unwanted program 'BOO/Whistler' [virus] was found in Boot sector of drive 'Q:'.
Action executed: Deny access"
- and it does so for all existing partitions (C:, Q:, S:; Q and S are system partitions from Lenovo).
I have Windows Vista installed.

I would be very, very grateful for help. Formatting is difficult, since I am currently on a semester abroad in Sweden; maybe I can manage to remove the virus after all?

Here is the log file from AntiVir (the other viruses were removed successfully):
Quote:


Avira AntiVir Personal
Report file date: Donnerstag, 1. September 2011 02:45

Scanning for 3316559 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PAOLO-PC

Version information:
BUILD.DAT : 10.2.0.700 35934 Bytes 21.07.2011 17:12:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 28.06.2011 21:57:03
AVSCAN.DLL : 10.0.5.0 47464 Bytes 28.06.2011 21:57:03
LUKE.DLL : 10.3.0.5 45416 Bytes 28.06.2011 21:57:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.02.2010 22:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 28.06.2011 21:57:04
AVREG.DLL : 10.3.0.9 88833 Bytes 14.07.2011 21:37:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 20:20:56
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 08:01:00
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 11:41:52
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 19:52:14
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 20:58:08
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 19:06:32
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 05:06:24
VBASE007.VDF : 7.11.13.61 2048 Bytes 16.08.2011 05:06:24
VBASE008.VDF : 7.11.13.62 2048 Bytes 16.08.2011 05:06:24
VBASE009.VDF : 7.11.13.63 2048 Bytes 16.08.2011 05:06:24
VBASE010.VDF : 7.11.13.64 2048 Bytes 16.08.2011 05:06:24
VBASE011.VDF : 7.11.13.65 2048 Bytes 16.08.2011 05:06:24
VBASE012.VDF : 7.11.13.66 2048 Bytes 16.08.2011 05:06:24
VBASE013.VDF : 7.11.13.95 166400 Bytes 17.08.2011 22:42:14
VBASE014.VDF : 7.11.13.125 209920 Bytes 18.08.2011 22:42:14
VBASE015.VDF : 7.11.13.157 184832 Bytes 22.08.2011 11:45:46
VBASE016.VDF : 7.11.13.201 128000 Bytes 24.08.2011 11:45:51
VBASE017.VDF : 7.11.13.234 160768 Bytes 25.08.2011 11:45:48
VBASE018.VDF : 7.11.14.16 141312 Bytes 30.08.2011 10:06:22
VBASE019.VDF : 7.11.14.17 2048 Bytes 30.08.2011 10:06:22
VBASE020.VDF : 7.11.14.18 2048 Bytes 30.08.2011 10:06:22
VBASE021.VDF : 7.11.14.19 2048 Bytes 30.08.2011 10:06:22
VBASE022.VDF : 7.11.14.20 2048 Bytes 30.08.2011 10:06:22
VBASE023.VDF : 7.11.14.21 2048 Bytes 30.08.2011 10:06:22
VBASE024.VDF : 7.11.14.22 2048 Bytes 30.08.2011 10:06:22
VBASE025.VDF : 7.11.14.23 2048 Bytes 30.08.2011 10:06:22
VBASE026.VDF : 7.11.14.24 2048 Bytes 30.08.2011 10:06:22
VBASE027.VDF : 7.11.14.25 2048 Bytes 30.08.2011 10:06:22
VBASE028.VDF : 7.11.14.26 2048 Bytes 30.08.2011 10:06:22
VBASE029.VDF : 7.11.14.27 2048 Bytes 30.08.2011 10:06:22
VBASE030.VDF : 7.11.14.28 2048 Bytes 30.08.2011 10:06:22
VBASE031.VDF : 7.11.14.39 92672 Bytes 31.08.2011 10:06:22
Engineversion : 8.2.6.50
AEVDF.DLL : 8.1.2.1 106868 Bytes 29.07.2010 22:01:01
AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 27.08.2011 11:46:09
AESCN.DLL : 8.1.7.2 127349 Bytes 24.11.2010 21:54:22
AESBX.DLL : 8.2.1.34 323957 Bytes 02.06.2011 10:02:46
AERDL.DLL : 8.1.9.13 639349 Bytes 14.07.2011 21:37:28
AEPACK.DLL : 8.2.10.9 684406 Bytes 29.08.2011 22:26:35
AEOFFICE.DLL : 8.1.2.13 201083 Bytes 28.07.2011 21:10:45
AEHEUR.DLL : 8.1.2.161 3641720 Bytes 27.08.2011 11:46:03
AEHELP.DLL : 8.1.17.7 254327 Bytes 28.07.2011 21:10:45
AEGEN.DLL : 8.1.5.9 401780 Bytes 27.08.2011 11:45:50
AEEMU.DLL : 8.1.3.0 393589 Bytes 24.11.2010 21:54:18
AECORE.DLL : 8.1.23.0 196983 Bytes 27.08.2011 11:45:49
AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 20:57:02
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 11:03:38
AVPREF.DLL : 10.0.3.2 44904 Bytes 28.06.2011 21:57:03
AVREP.DLL : 10.0.0.10 174120 Bytes 17.05.2011 17:05:49
AVARKT.DLL : 10.0.26.1 255336 Bytes 28.06.2011 21:57:03
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 28.06.2011 21:57:03
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:41:00
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 28.06.2011 21:57:03
RCTEXT.DLL : 10.0.64.0 97640 Bytes 28.06.2011 21:57:03

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, Q:, S:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: Donnerstag, 1. September 2011 02:45

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version\version
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version\version
[NOTE] The registry entry is invisible.
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'SearchFilterHost.exe' - '32' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '79' Module(s) have been scanned
Scan process 'avscan.exe' - '29' Module(s) have been scanned
Scan process 'avcenter.exe' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'Apntex.exe' - '19' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '15' Module(s) have been scanned
Scan process 'ehmsas.exe' - '18' Module(s) have been scanned
Scan process 'SvcGuiHlpr.exe' - '80' Module(s) have been scanned
Scan process 'unsecapp.exe' - '27' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '27' Module(s) have been scanned
Scan process 'ehtray.exe' - '26' Module(s) have been scanned
Scan process 'igfxpers.exe' - '25' Module(s) have been scanned
Scan process 'hkcmd.exe' - '29' Module(s) have been scanned
Scan process 'jusched.exe' - '20' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'PMHandler.exe' - '33' Module(s) have been scanned
Scan process 'scheduler_proxy.exe' - '34' Module(s) have been scanned
Scan process 'Apoint.exe' - '33' Module(s) have been scanned
Scan process 'MSASCui.exe' - '39' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '42' Module(s) have been scanned
Scan process 'Explorer.EXE' - '164' Module(s) have been scanned
Scan process 'taskeng.exe' - '69' Module(s) have been scanned
Scan process 'Dwm.exe' - '30' Module(s) have been scanned
Scan process 'AcSvc.exe' - '91' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '9' Module(s) have been scanned
Scan process 'tvtsched.exe' - '37' Module(s) have been scanned
Scan process 'rrservice.exe' - '49' Module(s) have been scanned
Scan process 'rrpservice.exe' - '22' Module(s) have been scanned
Scan process 'TPHKSVC.exe' - '31' Module(s) have been scanned
Scan process 'tvt_reg_monitor_svc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '31' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '20' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'PMSveH.exe' - '12' Module(s) have been scanned
Scan process 'lxeccoms.exe' - '40' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '16' Module(s) have been scanned
Scan process 'FNF5SVC.exe' - '5' Module(s) have been scanned
Scan process 'EvtEng.exe' - '83' Module(s) have been scanned
Scan process 'btwdins.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'BcmSqlStartupSvc.exe' - '20' Module(s) have been scanned
Scan process 'WlanNetService.exe' - '40' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '47' Module(s) have been scanned
Scan process 'avguard.exe' - '70' Module(s) have been scanned
Scan process 'svchost.exe' - '49' Module(s) have been scanned
Scan process 'AcPrfMgrSvc.exe' - '73' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '93' Module(s) have been scanned
Scan process 'WLANExt.exe' - '86' Module(s) have been scanned
Scan process 'svchost.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '83' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '145' Module(s) have been scanned
Scan process 'svchost.exe' - '117' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Start scanning boot sectors:
Master boot sector HD0
[DETECTION] Contains code of the BOO/Whistler boot sector virus
[NOTE] The boot sector was written!
Boot sector 'C:\'
[DETECTION] Contains code of the BOO/Whistler boot sector virus
[NOTE] The boot sector has not been repaired!
Boot sector 'Q:\'
[DETECTION] Contains code of the BOO/Whistler boot sector virus
[NOTE] The boot sector has not been repaired!
Boot sector 'S:\'
[DETECTION] Contains code of the BOO/Whistler boot sector virus
[NOTE] The boot sector has not been repaired!

Starting to scan executable files (registry).

The registry was scanned ( '1365' files ).


Starting the file scan:


C:\Users\Paolo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\ae9694f-77de91fe
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/C-2009-3867.EH Java virus
C:\Users\Paolo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\677c3b20-51c2bf1c
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/C-2009-3867.EH Java virus
Begin scan in 'Q:\' <Lenovo>
Begin scan in 'S:\' <SERVICEV003>

Beginning disinfection:
C:\Users\Paolo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\677c3b20-51c2bf1c
[DETECTION] Contains recognition pattern of the JAVA/C-2009-3867.EH Java virus
[NOTE] The file was moved to the quarantine directory under the name '4a7ba3cd.qua'.
C:\Users\Paolo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\ae9694f-77de91fe
[DETECTION] Contains recognition pattern of the JAVA/C-2009-3867.EH Java virus
[NOTE] The file was moved to the quarantine directory under the name '52e28c58.qua'.



End of the scan: Donnerstag, 1. September 2011 05:58
Used time: 3:11:58 Hour(s)

The scan has been done completely.

40663 Scanned directories
1132716 Files were scanned
9 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
1 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1132711 Files not concerned
14839 Archives were scanned
0 Warnings
11 Notes
871176 Objects were scanned with rootkit scan
3 Hidden objects were found



 
