Büdde mal anschauen

eXtremServer|Admin · 02.02.2005, 15:38

Hi hier ist die Logauszug.
Ich denke, dass ich einen Trojaner oder sonnst etwas drauf habe.
Wenn euch in der Log datei was auffallen solltet bitte ich euch mir einen Tip zu geben wie ich was Fixe. So genug geredet

Danke im Voraus
Alex

Code:

ATTFilter

Logfile of HijackThis v1.99.0
Scan saved at 15:30:32, on 02.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Borland\InterBase\bin\ibguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Canon\MultiPASS4\MPTBox.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Xfire\Xfire.exe
C:\Programme\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\Canon\MultiPASS4\MPDBMgr.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
C:\DOKUME~1\EXTREM~1\LOKALE~1\Temp\~e5d141.tmp
C:\DOKUME~1\EXTREM~1\LOKALE~1\Temp\~e5d141.tmp
C:\Programme\Ipswitch\WS_FTP Pro\wsftpgui.exe
C:\Programme\NNScript\mirc.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Dokumente und Einstellungen\eXtremServer Admin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.extremserver.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Programme\Zend\bin\ZendIEToolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [MPTBox] C:\Programme\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVWin\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVWUpd32] "C:\PROGRA~1\AVWin\Avwupd32.EXE" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Launch TeamSpeak.lnk = C:\Programme\Teamspeak Launcher\LaunchTS.exe
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Programme\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Programme\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Programme\Zend\bin\ZendIEToolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Programme\Zend\bin\ZendIEToolbar.dll (file missing)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {C997B096-DD53-487D-84F8-707E0EC1B483} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {C997B096-DD53-487D-84F8-707E0EC1B483} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101824019935
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Mail Security Service - H+BEDV Datentechnik GmbH - C:\Programme\AVWin\AVMAILC.EXE
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVWin\AVGUARD.EXE
O23 - Service: AVE Service - H+BEDV Datentechnik GmbH - C:\Programme\AVWin\AVESVC.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVWin\AVWUPSRV.EXE
O23 - Service: FileZilla Server FTP server - Unknown - C:\Programme\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: InterBase Guardian - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MpService - Canon Inc. - C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

HerrKautz · 02.02.2005, 17:08

Ich seh erstmal nix schlimmes,wurde irgendwas gemeldet vom AV Scanner?

Mach mal einen escan im abgesicherten Modus,geh dazu nach dieser Anleitung vor http://www.trojaner-board.de/42731-escan-anleitung.html poste dann ggf. was gefunden wird danach gehn wir dann zum Fixen über!

Gruss

eXtremServer|Admin · 03.02.2005, 01:50

Soo habe bis gerade eben gescannt schon schitte 500 GB HDD^^

welche logs soll ich denn Posten sind schließlich jede Menge oder soll ich nur bestimmte logs Posten?

Danke schomma
Alex

HerrKautz · 03.02.2005, 13:17

Teile uns dann das Ergebnis des eScan mit: welche Viren wurden auf Deinem Rechner gefunden: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen." (Zitat Cidre)

eXtremServer|Admin · 03.02.2005, 13:30

hi hier der Auszug aus der Log

Code:

ATTFilter

Wed Feb 02 17:39:14 2005 => File C:\Dokumente und Einstellungen\eXtremServer Admin\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-626c590d.zip infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: No Action Taken.

Wed Feb 02 20:08:12 2005 => File E:\System Volume Information\_restore{6806FDEA-50E4-4CF1-9953-AB4EF2F76AAE}\RP235\A0043835.exe infected by "Nuker.Win32.RPCNuker" Virus. Action Taken: No Action Taken.

Wed Feb 02 21:05:08 2005 => File F:\bacupCetc\c\Dokumente und Einstellungen\Administrator\Desktop\desktop2\ossvc5503.exe infected by "not-a-virus:AdWare.NavExcel" Virus. Action Taken: No Action Taken.

Wed Feb 02 22:21:23 2005 => File F:\LaptopAlex\D\netpumper-1.20-setup.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

Thu Feb 03 00:19:55 2005 => File H:\essen\medionanimation.zip infected by "Trojan-Clicker.Win32.Delf.az" Virus. Action Taken: No Action Taken.

Thu Feb 03 00:27:17 2005 => File H:\LaptopAlex\C\Dokumente und Einstellungen\Alexandre Jedamzik\Desktop\DesktopDesktop\Desktop3\mbhttpbf.exe infected by "Backdoor.DSSdoor.b" Virus. Action Taken: No Action Taken.

Thu Feb 03 01:02:35 2005 => File H:\LaptopAlex\C\Programme\Save\SaveUninst.exe infected by "not-a-virus:AdWare.SaveNow.af" Virus. Action Taken: No Action Taken.

Thu Feb 03 01:11:01 2005 => File H:\Medion\uninstall.exe infected by "Worm.Win32.Dedler.b" Virus. Action Taken: No Action Taken.

Thu Feb 03 01:25:58 2005 => File H:\System Volume Information\_restore{6806FDEA-50E4-4CF1-9953-AB4EF2F76AAE}\RP228\A0036298.exe infected by "Nuker.Win32.RPCNuker" Virus. Action Taken: No Action Taken.

Thu Feb 03 01:25:59 2005 => File H:\System Volume Information\_restore{6806FDEA-50E4-4CF1-9953-AB4EF2F76AAE}\RP235\A0043838.exe infected by "Nuker.Win32.RPCNuker" Virus. Action Taken: No Action Taken.

Thu Feb 03 01:28:12 2005 => Total Files Scanned: 519979
Thu Feb 03 01:28:12 2005 => Total Virus(es) Found: 94
Thu Feb 03 01:28:12 2005 => Total Disinfected Files: 0

Hoffe Ihr könnt mir helfen

MFG
Alex

HerrKautz · 03.02.2005, 13:31

Könntest du das bitte mit dem Code mal lassen und das Log komplett posten?

Total Virus(es) Found: 94 << Die will ich alle sehen!

eXtremServer|Admin · 03.02.2005, 13:58

Ich muss es in 2 Teile splitten

( 1. Der Text, den Sie eingegeben haben, besteht aus 12360 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 10000 Zeichen.)

OK werde es nicht meh im Code format schreiben.
Hier die 49 gefundenen Sachen.

File C:\Dokumente und Einstellungen\eXtremServer Admin\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-626c590d.zip infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\eXtremServer Admin\Desktop\Desktop\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File C:\Dokumente und Einstellungen\eXtremServer Admin\Desktop\Desktop2\vnc-4.0-x86_win32.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.4. No Action Taken.
File C:\Dokumente und Einstellungen\eXtremServer Admin\Desktop\Desktop2\vnc-4.0-x86_win32_viewer.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.4. No Action Taken.
File C:\123\IS\install.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\123\IS\run.exe tagged as not-a-virus:FalseAlarm.DrWeb.Backdoor.Theef.111. No Action Taken.
File C:\Programme\NNScript\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File D:\PHPmix\PHP Archiv 3 php MySQL Sammelband V 1.0 der Kram Programme Tools Templates usw upload by sixxxpac\263Mercial Asp Cgi Perl And Php Scripts.rar tagged as not-a-virus:NetTool.Sniffer.CDP.a. No Action Taken.
File D:\PHPmix\PHP Archiv 3 php MySQL Sammelband V 1.0 der Kram Programme Tools Templates usw upload by sixxxpac.rar tagged as not-a-virus:NetTool.Sniffer.CDP.a. No Action Taken.
File D:\PHProjekte\442303_R1\tools\ZipGenieTryandBuyDemo.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\PHProjekte\neue2\Cover.mp3.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Webserver\xampp\apache\bin\pv.exe tagged as not-a-virus:RiskWare.Tool.PrcView.3725. No Action Taken.
File E:\Counter Strike\cs1.5\Half-Life\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
File E:\Formatsicherung\AtomixMP3\Atomixmp3 2.1F.EXE tagged as not-a-virus:Cracker.AssasinPatch. No Action Taken.
File E:\Formatsicherung\euer Ordner\hl_51_Update.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\Formatsicherung\NNScript\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File E:\Formatsicherung\SIERRA\Half-Life\cstrike\ben\setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\mirc\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File E:\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File E:\install.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File E:\Quake3\Q3ADemo.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\Quake3\Q3Arena\Q3Arena\Check for Quake III Arena Updates.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{6806FDEA-50E4-4CF1-9953-AB4EF2F76AAE}\RP235\A0043835.exe infected by "Nuker.Win32.RPCNuker" Virus. Action Taken: No Action Taken.
File E:\Valve\cs1.5\Half-Life\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
File F:\backup laptop 2\Program Files\mIRC\backup\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File F:\backup laptop 2\Program Files\mIRC\download\schrank.rar tagged as not-a-virus:Cracker.AssasinPatch. No Action Taken.
File F:\backup laptop 2\Program Files\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
File F:\backup laptop 2\Spiele\CS 1.5\Sierra\Half-Life\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
File F:\backup laptop 2\www.extremserver.de\_.-Games-._\Check for Quake III Arena Updates.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\backup laptop 2\http://www.extremserver.de\_.-Games-...Net\PCVKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\bacupCetc\c\Dokumente und Einstellungen\Administrator\Desktop\desktop2\ossvc5503.exe infected by "not-a-virus:AdWare.NavExcel" Virus. Action Taken: No Action Taken.
File F:\bacupCetc\c\Dokumente und Einstellungen\Administrator\Desktop\desktop2\SetupSwishmax.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\bacupCetc\c\Dokumente und Einstellungen\Administrator\Eigene Dateien\setup\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File F:\bacupCetc\c\Dokumente und Einstellungen\Administrator\Eigene Dateien\setup\pre60to\Premiere_6.0 Tryout Win\Cleaner\cleaner.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\bacupCetc\c\Dokumente und Einstellungen\Administrator\Eigene Dateien\setup\xampp-win32-1.4.5\xampp\apache\bin\kill.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.
File F:\bacupCetc\Games\Quake3 Rocketarena\Quake III Arena\Check for Quake III Arena Updates.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\bacupCetc\Games\Quake3 Rocketarena\Quake III Arena\Extras\WorldNet\PCVKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\bacupCetc\Programme\Programme\apachefriends\xampp\apache\bin\kill.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.
File F:\bacupCetc\Programme\Programme\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File F:\bacupCetc\Programme\Programme\Copy\CopyLDR.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File F:\FC 30.11.04\hauptdesktop\updater_sketch_11\Updater_SKETCH_11.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\FC 30.11.04\hauptdesktop\updater_sketch_11.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\LaptopAlex\D\netpumper-1.20-setup.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File F:\LaptopAlex\D\Programme\PHP\78 cgi and php scripts all in 1.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\LaptopAlex\E\D\78 cgi and php scripts all in 1\Applet Password Wizard 3.0.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\LaptopAlex\Eigene Datenein\Setupdateien\cfsetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File F:\LaptopAlex\Eigene Datenein\Setupdateien\mirc612.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File F:\LaptopAlex\Eigene Datenein\Setupdateien\mirc614.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
File F:\LaptopAlex\Eigene Datenein\Setupdateien\SetupSwishmax_20040401.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\BRAUCH ICH\EXES\FlashMX2004-de.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

eXtremServer|Admin · 03.02.2005, 13:59

File G:\BRAUCH ICH\FTP1\100% checked by GUL\-------------]CHAT-TOOLS[-------------\mIRC6.12Invision2.0\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File G:\BRAUCH ICH\FTP1\100% checked by GUL\-------------]CHAT-TOOLS[-------------\mIRC6.12Invision2520.rar tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File G:\BRAUCH ICH\NNScript\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File G:\BRAUCH ICH\SIERRA\Half-Life\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
File G:\BRAUCH ICH\SWiSHmax\SetupSwishmax.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\BRAUCH ICH\Codecs\DivX 5.02 Pro\DivXPro502Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\BRAUCH ICH\Codecs\Radium Mp3 Codec\SETUPL3C.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\BRAUCH ICH\Audiograbber 1.8.1\Audiograbber 1.8.1.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\BRAUCH ICH\CODECS\DIVX_502_PRO\DIVXPRO502BUNDLE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\BRAUCH ICH\CODECS\RADIUM_MP3_CODEC\SETUPL3C.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\BRAUCH ICH\\AUDIOGRABBER_181\AUDIOGRABBER_181.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\BRAUCH ICH\SERVER_AUTOUPDATER.ZIP tagged as not-a-virus:RiskWare.Downloader.Url2File.a. No Action Taken.
File G:\BRAUCH ICH\XPTUNER_103\XPTUNER_103_UPDATE.EXE tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File G:\BRAUCH ICH\ZIPS & RARS\ls_videomach272.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File G:\BRAUCH ICH\^flsh\flashmx2004_trial_en_win.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\BRAUCH ICH\ƒLASH\Flash\Flash_Video_Exporter.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File G:\RECYCLER\S-1-5-21-1078081533-1078145449-1060284298-1001\Dg13.61\s.met updater-core.zip tagged as not-a-virus:RiskWare.Downloader.Url2File.a. No Action Taken.
File G:\RECYCLER\S-1-5-21-1078081533-1078145449-1060284298-1001\Dg3.03\xpTuner 1.03 Update.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File G:\System Volume Information\_restore{6806FDEA-50E4-4CF1-9953-AB4EF2F76AAE}\RP241\A0053283.exe tagged as not-a-virus:Cracker.AssasinPatch. No Action Taken.
File H:\medion001.zip infected by "Trojan-Clicker.Win32.Delf.az" Virus. Action Taken: No Action Taken.
File H:\medion002.zip tagged as not-a-virus:FalseAlarm.DrWeb.Backdoor.Theef.111. No Action Taken.
File H:\medion003.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File H:\medion004.zip tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File H:\LaptopAlex\C\Dokumente und Einstellungen\Alexandre Jedamzik\Desktop\DesktopDesktop\DESKTOP\medionanim.EXE tagged as not-a-virus:Cracker.AssasinPatch. No Action Taken.
File H:\LaptopAlex\C\Dokumente und Einstellungen\Alexandre Jedamzik\Desktop\DesktopDesktop\Desktop3\mbhttpbf.exe infected by "Backdoor.DSSdoor.b" Virus. Action Taken: No Action Taken.
File H:\LaptopAlex\C\Dokumente und Einstellungen\Alexandre Jedamzik\Eigene Dateien\Setupdateien\cfsetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\LaptopAlex\C\Dokumente und Einstellungen\Alexandre Jedamzik\Eigene Dateien\Setupdateien\mirc612.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File H:\LaptopAlex\C\Dokumente und Einstellungen\Alexandre Jedamzik\Eigene Dateien\Setupdateien\mirc614.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
File H:\LaptopAlex\C\Dokumente und Einstellungen\Alexandre Jedamzik\Eigene Dateien\Setupdateien\SetupSwishmax_20040401.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\LaptopAlex\C\Program Files\mIRC\backup\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File H:\LaptopAlex\C\Program Files\mIRC\bncdaten.rar tagged as not-a-virus:Cracker.AssasinPatch. No Action Taken.
File H:\LaptopAlex\C\Program Files\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
File H:\LaptopAlex\C\Programme\Save\SaveUninst.exe infected by "not-a-virus:AdWare.SaveNow.af" Virus. Action Taken: No Action Taken.
File H:\LaptopAlex\C\Programme\Sierra\Half-Life\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
File H:\LaptopAlex\C\servertools\FireDaemon-Lite-1_6-GA.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\LaptopAlex\C\servertools\FlashFXP_21_Setup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\LaptopAlex\CS 1.5\CS 1.5\Sierra\Half-Life\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
File H:\LaptopAlex\D\Driver\AGP\XP-2000-ME_ver.7.2.0.1140\AGP\htpatch\HTpatch.exe tagged as not-a-virus:Tool.Win32.HTPatch.b. No Action Taken.
File H:\Medion\uninstall.exe infected by "Worm.Win32.Dedler.b" Virus. Action Taken: No Action Taken.
File H:\mIRC 6.16\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File H:\NNScript\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File H:\System Volume Information\_restore{6806FDEA-50E4-4CF1-9953-AB4EF2F76AAE}\RP228\A0036298.exe infected by "Nuker.Win32.RPCNuker" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{6806FDEA-50E4-4CF1-9953-AB4EF2F76AAE}\RP235\A0043838.exe infected by "Nuker.Win32.RPCNuker" Virus. Action Taken: No Action Taken.
File H:\XAMPP\xampp-win32-1.4.10a-installer.exe tagged as not-a-virus:RiskWare.Tool.PrcView.3725. No Action Taken.

Nicht gerade wenig oder?

MFG
Alex

HerrKautz · 03.02.2005, 14:02

Nein wenig ist es nicht,

File H:\LaptopAlex\C\Dokumente und Einstellungen\Alexandre Jedamzik\Desktop\DesktopDesktop\Desktop3\mbhttpbf. exe infected by "Backdoor.DSSdoor.b" Virus.

wurde der mit Absicht runter geladen?

Du solltest das System neu aufsetzen,sind ja auch einige Würmer drauf!

Geh am besten so vor,les alles in Ruhe durch:

http://trojaner-board.de/showthread.php?t=12154

Gruss

edit: Auch der hier http://www.sophos.de/virusinfo/analy...jrpcnukea.html

Wolltest du mit Absicht auf andere Rechner oder wollte dir jemand was unterjubeln,....seltsam.....

Büdde mal anschauen

Log-Analyse und Auswertung: Büdde mal anschauen