Hallo.

AntiVir hat bei einem Routinescan den hier gefunden "TR/Horse SZS" - in Dateien, die ich schon n Jahr auf der Platte hatte.
Sichtbar negative Symptome gibts eigentlich keine und ich konnte im Netz auch keine weiteren Infos über den Quälgeist finden.
Dann ab damit in Quarantäne und später gelöscht - Fundmeldung kommt aber immer mal wieder.

Was soll ich machen ?
Wäre echt super, wenn hier mal jemand drüber schauen könnte.

Anhänge.

Danke, Gruß.

wo ist der avira scan bericht, avira, reports, dort ist er zu finden.

Hallo.

AntiVir hat ihn bei diesem Scan gefunden.
Bei späteren Komplettscans hat er nix mehr gemeldet, dafür zwischendurch öfters mal.


Danke, Gruß


Avira AntiVir Personal
Report file date: Dienstag, 16. November 2010 22:57

Scanning for 3058085 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MOBILE-R

Version information:
BUILD.DAT : 9.0.0.429 21701 Bytes 06.10.2010 10:04:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13.10.2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 10:47:07
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 21:40:02
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 21:40:03
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 20:44:22
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 17:45:57
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 14:01:54
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 07:41:34
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 18:35:19
VBASE009.VDF : 7.10.13.80 2265600 Bytes 02.11.2010 21:26:43
VBASE010.VDF : 7.10.13.81 2048 Bytes 02.11.2010 21:26:43
VBASE011.VDF : 7.10.13.82 2048 Bytes 02.11.2010 21:26:43
VBASE012.VDF : 7.10.13.83 2048 Bytes 02.11.2010 21:26:43
VBASE013.VDF : 7.10.13.116 147968 Bytes 04.11.2010 21:26:24
VBASE014.VDF : 7.10.13.147 146944 Bytes 07.11.2010 19:56:03
VBASE015.VDF : 7.10.13.180 123904 Bytes 09.11.2010 20:04:55
VBASE016.VDF : 7.10.13.211 122368 Bytes 11.11.2010 18:25:09
VBASE017.VDF : 7.10.13.243 147456 Bytes 15.11.2010 19:06:44
VBASE018.VDF : 7.10.13.244 2048 Bytes 15.11.2010 19:06:44
VBASE019.VDF : 7.10.13.245 2048 Bytes 15.11.2010 19:06:44
VBASE020.VDF : 7.10.13.246 2048 Bytes 15.11.2010 19:06:45
VBASE021.VDF : 7.10.13.247 2048 Bytes 15.11.2010 19:06:45
VBASE022.VDF : 7.10.13.248 2048 Bytes 15.11.2010 19:06:45
VBASE023.VDF : 7.10.13.249 2048 Bytes 15.11.2010 19:06:45
VBASE024.VDF : 7.10.13.250 2048 Bytes 15.11.2010 19:06:45
VBASE025.VDF : 7.10.13.251 2048 Bytes 15.11.2010 19:06:45
VBASE026.VDF : 7.10.13.252 2048 Bytes 15.11.2010 19:06:45
VBASE027.VDF : 7.10.13.253 2048 Bytes 15.11.2010 19:06:45
VBASE028.VDF : 7.10.13.254 2048 Bytes 15.11.2010 19:06:45
VBASE029.VDF : 7.10.13.255 2048 Bytes 15.11.2010 19:06:45
VBASE030.VDF : 7.10.14.0 2048 Bytes 15.11.2010 19:06:45
VBASE031.VDF : 7.10.14.12 127488 Bytes 16.11.2010 21:55:32
Engineversion : 8.2.4.98
AEVDF.DLL : 8.1.2.1 106868 Bytes 04.08.2010 18:21:29
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 03.11.2010 21:26:26
AESCN.DLL : 8.1.6.1 127347 Bytes 23.05.2010 16:57:57
AESBX.DLL : 8.1.3.1 254324 Bytes 26.04.2010 05:19:52
AERDL.DLL : 8.1.9.2 635252 Bytes 21.09.2010 18:59:50
AEPACK.DLL : 8.2.3.11 471416 Bytes 14.10.2010 16:56:20
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 21.07.2010 17:45:39
AEHEUR.DLL : 8.1.2.41 3043703 Bytes 12.11.2010 18:25:17
AEHELP.DLL : 8.1.14.0 246134 Bytes 14.10.2010 16:56:18
AEGEN.DLL : 8.1.3.24 401781 Bytes 03.11.2010 21:26:23
AEEMU.DLL : 8.1.2.0 393588 Bytes 26.04.2010 05:19:50
AECORE.DLL : 8.1.17.0 196982 Bytes 26.09.2010 18:04:27
AEBB.DLL : 8.1.1.0 53618 Bytes 26.04.2010 05:19:50
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26.08.2009 14:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 04.03.2010 21:40:17
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13.10.2009 11:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Dienstag, 16. November 2010 22:57

Starting search for hidden objects.
'53984' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'AdskScSrv.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'cnwida.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'mpm.exe' - '1' Module(s) have been scanned
Scan process 'CloneCDTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ForceField.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ISWSVC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WLKEEPER.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
59 processes with 59 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '80' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Dokumente und Einstellungen\RE\Lokale Einstellungen\Anwendungsdaten\Google\Update\Download\{CB2ECBA8-A53E-4D32-BD7B-214E3FFD5D36}
[WARNING] The file could not be read!
C:\Downloads\Software\zaSetup_92_058_000_de.exe
[0] Archive type: ZIP SFX (self extracting)
--> SWITCHUNINST_49ZONE LABS.EXE
[1] Archive type: RSRC
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Archive type: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Sonstiges\...
[DETECTION] Is the TR/Horse.SZS Trojan
C:\Sonstiges\...
[0] Archive type: ZIP
...
[DETECTION] Is the TR/Horse.SZS Trojan
C:\Sonstiges\...
[DETECTION] Is the TR/Horse.SZS Trojan

Beginning disinfection:
C:\Sonstiges\...
[DETECTION] Is the TR/Horse.SZS Trojan
[NOTE] The file was moved to '4d440dcd.qua'!
C:\Sonstiges\...
[NOTE] The file was moved to '4d510dc4.qua'!
C:\Sonstiges\...
[DETECTION] Is the TR/Horse.SZS Trojan
[NOTE] The file was moved to '4c86eff6.qua'!


End of the scan: Mittwoch, 17. November 2010 00:01
Used time: 1:04:26 Hour(s)

The scan has been canceled!

7405 Scanned directories
561357 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
561353 Files not concerned
4516 Archives were scanned
3 Warnings
4 Notes
53984 Objects were scanned with rootkit scan
0 Hidden objects were found

das ganze log. ohne punkte

Hallo.

Die Punkte sind doch lediglich Platzhalter für die jeweilige Datei, in welcher der Übeltäter steckte, die ich hier aber ungern nennen möchte.

Eine Datei, jeweils.
Ich möchte bitte das Problem verstehen, der Trojaner wird doch aufgeführt.

Danke, Gruß.

na ohne dateinamen ist dieses thema für mich erledigt. da ich annehme das es keygens sind.