|
Pests of all kinds and how to fight them: BOO/Sinowal.A in all boot sectors! Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
15.04.2009, 21:57 | #16 |
| BOO/Sinowal.A in all boot sectors! Hello Undoreal! Here is the log from Avira with the aggressive settings: Code:
Avira AntiVir Personal
Report file date: Mittwoch, 15. April 2009 21:03

Scanning for 1354334 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ***

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24.03.2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24.02.2009 10:13:28
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 08:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 09:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 08:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:30:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.02.2009 18:33:28
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01.04.2009 18:08:46
ANTIVIR3.VDF : 7.1.3.57 266240 Bytes 15.04.2009 18:56:02
Engineversion : 8.2.0.143
AEVDF.DLL : 8.1.1.0 106868 Bytes 27.01.2009 15:36:42
AESCRIPT.DLL : 8.1.1.75 373113 Bytes 14.04.2009 18:54:06
AESCN.DLL : 8.1.1.10 127348 Bytes 04.04.2009 17:58:38
AERDL.DLL : 8.1.1.3 438645 Bytes 29.10.2008 16:24:42
AEPACK.DLL : 8.1.3.12 397687 Bytes 04.04.2009 17:58:38
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26.02.2009 18:01:58
AEHEUR.DLL : 8.1.0.116 1708407 Bytes 14.04.2009 18:53:58
AEHELP.DLL : 8.1.2.2 119158 Bytes 26.02.2009 18:01:58
AEGEN.DLL : 8.1.1.34 340340 Bytes 14.04.2009 18:53:46
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 12:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 14.04.2009 18:53:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 06:48:00
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 08:32:16
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 12:34:30
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 08:32:10
AVARKT.DLL : 9.0.0.1 292609 Bytes 09.02.2009 05:52:26
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 08:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 13:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 06:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 08:32:12
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09.02.2009 09:45:46
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11.03.2009 13:55:14

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, I:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Mittwoch, 15. April 2009 21:03

Starting search for hidden objects.
'53276' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'Safari.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'WMIAPSRV.EXE' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'LVComSX.exe' - '1' Module(s) have been scanned
Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
Scan process 'ChkMail.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'RMC.EXE' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIAIE.EXE' - '1' Module(s) have been scanned
Scan process 'ATKOSD.EXE' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned
Scan process 'Alcmtr.exe' - '1' Module(s) have been scanned
Scan process 'OProtSvc.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'RemoteControlService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process '1XConfig.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
71 processes with 71 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '76' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
C:\hiberfil.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
C:\WINDOWS\system32\drivers\sptd3405.sys
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'I:\' <***EXTERNE>

End of the scan: Mittwoch, 15. April 2009 22:39
Used time: 1:35:51 Hour(s)

The scan has been done completely.

10622 Scanned directories
555500 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
4 Files cannot be scanned
555496 Files not concerned
7269 Archives were scanned
4 Warnings
2 Notes
53276 Objects were scanned with rootkit scan
0 Hidden objects were found

Thanks for everything so far. There is nothing unusual about the computer any more. Before you helped me, I occasionally got a bluescreen when using the internet browser, but that has not happened since. Otherwise it runs well for its age (3 1/2 years). Regards |