Hallo !
Sitze hier in einem Büro mit ca 20 rechnern.

Auf einem der Rechner waren trojaner en masse, die heute einer von irgend ner page bekommen hat.
der server war kurzzeitig ausgelastet, hab diesen rechner jetzt panisch vom netz genommen.

hab adaware, spybot Search and destroy, cwshredder, norton antivirus corporate edition usw. drüberlaufenlassen.
von den massigen einträgen hab ich alle wegbekommen, da gabs u.a.
tbps.exe,wtoolsa.exe, pib.exe usw.

aber spybot meldet jetzt noch "eXact Advertising BargainsBuddy" und kriegt das nicht weg, mit dem Hinweis, dass es auf "win.ini" nicht zugreifen kann.
Abgesicherter Modus-neustarten und den firlefanz hab ich 3 mal gemacht, geht trotzdem nicht weg.

Bitte helfe mir einer schnell, hab angst um den server bzw. die daten die da drauf sind.

Vielen Dank im vorraus !


ach ja, hier der hijack-log:


Logfile of HijackThis v1.98.2
Scan saved at 14:47:30, on 04.04.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\dev32.exe
C:\Programme\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\NavNT\vptray.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINNT\Pqv.exe
C:\WINNT\system32\ntddetect.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\asro.exe
C:\WINNT\system32\??rss.exe
C:\Programme\adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7125FEB4-1050-3BAC-2070-1803F6BBC3EF} - C:\WINNT\system32\dals.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Programme\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ebt] C:\WINNT\Pqv.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINNT\system32\ntddetect.exe
O4 - HKLM\..\Run: [Bsd] C:\WINNT\Eiv.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Gbl] C:\WINNT\system32\Jfn.exe
O4 - HKLM\..\Run: [Dtd] C:\WINNT\system32\Fqe.exe
O4 - HKLM\..\Run: [Kfe] C:\WINNT\Gjs.exe
O4 - HKLM\..\Run: [Hpo] C:\WINNT\Eef.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINNT\system32\ntddetect.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Ebt] C:\WINNT\Pqv.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XXXXX.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{94A06923-650C-4E8B-92C5-E3F8A7205F33}: NameServer = 192.168.1.XXXX
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = XXXXX.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{94A06923-650C-4E8B-92C5-E3F8A7205F33}: NameServer = 192.168.1.XXXX
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = XXXX.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{94A06923-650C-4E8B-92C5-E3F8A7205F33}: NameServer = 192.168.1.XXX


ach ja, edit no 4 : das hintergrundbild lässt sich nicht ändern btw.
auch nicht in der systemsteuerung

@momurder
ich würde ein fachmann hinzuziehen, denn
du hast mindestens ein großes problem
http://www.sophos.de/virusinfo/analy...ojagentcu.html
C:\WINNT\system32\ntddetect.exe
und mehrere unbekannte probleme

die O15 einträge bekommst du hiermit
weg(das posting von Lutz)

lade escan
download
anleitung
EscanErgebnis
Teile uns das Ergebnis des eScan mit: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen."

oder selbst googeln

chaosman

Im Grunde stimme ich Chaosman zu,

Eine Neuinstallation [Wie ? - siehe meine Signatur] ist wohl oder übel unumgänglich. Überdies hinaus sei Dir DRINGENST ans Herz gelegt, sämtliche Passwörter zu wechseln.

Das war es wohl von meiner Seite.

Gruß
Andy

Hallo,

meine Tendenz geht eher dahin, dass sich der gute Mann (da es sich zweifelsohne um min. einen Firmenrechner handelt) Rat bei einer entspr. Fachfirma einholt.
Die Wahrscheinlichkeit liiegt nahe, das noch andere Rechner betroffen sind.

dartus

Hi zusammen

In diesem Falle, könnte es noch schlimmer sein, als Angenommen, und ich schließe mich an, schau mal zu, dass Du Euren netzwerkadmin oder Sicherheitsbeauftragten o.ä. findest und ihm erzählst, was Sache ist - AUCH wenn Dir das evtl. Probleme einhandelt.

Sollten mehrere Rechner betroffen sein (im Firmennetzwerk), so ist Großreinemachen angesagt - und der Admin sollte gehörig eins auf den Deckel bekommen, weil er zugeallen hat, dass sich sowas überhaupt einschleicht...

Gruß
Andy

vorab danke für eure antworten

also glücklicherweise war der administrator eh schon für morgen (ergo heute ) bestellt
also werd ich dem das mal sagen und mal auf den zahn fühlen.
darf wirklich nicht passieren sowas... vor allem NUR weil ein typ sich nen cr*** holen wollte (dem hab ich schon die leviten gelesen)


ich poste morgen nochmal das escan ergebnis, hat ich eh vor.

aber meint ihr wirklich ich muss alle rechner im netz überprüfen?
ich mein, ich werds jetzt machen, da ich euch glaube, aber is arbeit !

sollte der admin auch den server angucken? virencheck etc ?
auch da alle pw ändern ?


gut, danke aber für alles ersma ... !

Hi

Ob wirklich alles notwendig ist (Reinigen etc.) hängt von der allgemeinen Sicherheit des Netzwerkes ab, aber wenn ein Netzwerk schon das "Einschleusen" solcher Viren und Co. zuläßt, dann sieht es mit der internen Security vermutlich nicht wirklich besser aus (ist so mein Tip/Vermutung)

Gruß
Andy

So, hier nochmal das escan ergebnis.
Hab es allerdings bereinigt, weil die original-datei 4 mb groß war.
einträge die nicht viren-o.ä.-relevant waren hab ich geschnitten.

Ich bitte jemanden um weitere tipps.
Sieht aber glaub ich garnicht gut aus.

der erste teil :

Tue Apr 05 11:39:16 2005 => **********************************************************
Tue Apr 05 11:39:16 2005 => MicroWorld AntiVirus Toolkit Utility.
Tue Apr 05 11:39:16 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Tue Apr 05 11:39:16 2005 => **********************************************************
Tue Apr 05 11:39:16 2005 => Version 6.0.5 (C:\bases\mwavscan.com)
Tue Apr 05 11:39:16 2005 => Log File: C:\bases\MWAV.LOG
Tue Apr 05 11:39:16 2005 => Latest Date of files inside MWAV: 04 Apr 2005 11:31:37.
Tue Apr 05 11:39:21 2005 => AV Library Loaded...
Tue Apr 05 11:39:21 2005 => MWAV doing self scanning...
Tue Apr 05 11:39:21 2005 => Scanning File C:\bases\kavss.exe
Tue Apr 05 11:39:21 2005 => Scanning File C:\bases\Getvlist.exe
Tue Apr 05 11:39:22 2005 => Scanning File C:\bases\kavss.dll
Tue Apr 05 11:39:22 2005 => Scanning File C:\bases\kavssdi.dll
Tue Apr 05 11:39:22 2005 => Scanning File C:\bases\kavssi.dll
Tue Apr 05 11:39:22 2005 => Scanning File C:\bases\kavvlg.dll
Tue Apr 05 11:39:22 2005 => Scanning File C:\bases\msvlclnt.dll
Tue Apr 05 11:39:22 2005 => Scanning File C:\bases\ipc.dll
Tue Apr 05 11:39:22 2005 => Scanning File C:\bases\main.avi
Tue Apr 05 11:39:22 2005 => Scanning File C:\bases\virus.avi
Tue Apr 05 11:39:22 2005 => MWAV files are clean.
Tue Apr 05 11:39:22 2005 => Virus Database Date: 2005/04/04
Tue Apr 05 11:39:22 2005 => Virus Database Count: 124577

Tue Apr 05 11:39:38 2005 => **********************************************************
Tue Apr 05 11:39:38 2005 => MicroWorld AntiVirus Toolkit Utility.
Tue Apr 05 11:39:38 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Tue Apr 05 11:39:38 2005 =>
Tue Apr 05 11:39:38 2005 => Support: support@mwti.net
Tue Apr 05 11:39:38 2005 => Web: http://www.mwti.net
Tue Apr 05 11:39:38 2005 => **********************************************************
Tue Apr 05 11:39:38 2005 => Version 6.0.5 (C:\bases\mwavscan.com)
Tue Apr 05 11:39:38 2005 => Log File: C:\bases\MWAV.LOG
Tue Apr 05 11:39:38 2005 => User Account: b7
Tue Apr 05 11:39:38 2005 => Windows Root Folder: C:\WINNT
Tue Apr 05 11:39:38 2005 => Windows Sys32 Folder: C:\WINNT\system32
Tue Apr 05 11:39:38 2005 => OS: Windows NT
Tue Apr 05 11:39:38 2005 => Latest Date of files inside MWAV: 04 Apr 2005 11:31:37.

Tue Apr 05 11:39:38 2005 => Options Selected by User:
Tue Apr 05 11:39:38 2005 => Memory Check: Enabled
Tue Apr 05 11:39:38 2005 => Registry Check: Enabled
Tue Apr 05 11:39:38 2005 => StartUp Folder Check: Enabled
Tue Apr 05 11:39:38 2005 => System Folder Check: Enabled
Tue Apr 05 11:39:38 2005 => System Area Check: Disabled
Tue Apr 05 11:39:38 2005 => Services Check: Enabled
Tue Apr 05 11:39:38 2005 => Drive Check: Disabled
Tue Apr 05 11:39:38 2005 => All Drive Check :Enabled
Tue Apr 05 11:39:38 2005 => Folder Check: Disabled

Tue Apr 05 11:39:38 2005 => ***** Scanning Memory Files *****

Tue Apr 05 11:40:04 2005 => Scanning File C:\WINNT\system32\dev32.exe
Tue Apr 05 11:40:10 2005 => File C:\WINNT\system32\dev32.exe infected by "Trojan.Win32.Agent.ca" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:40:24 2005 => Scanning File C:\WINNT\system32\unic2_32.dll
Tue Apr 05 11:40:24 2005 => File C:\WINNT\system32\unic2_32.dll infected by "Trojan-Downloader.Win32.Small.aph" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:30 2005 => Scanning File C:\WINNT\Pqv.exe
Tue Apr 05 11:40:30 2005 => File C:\WINNT\Pqv.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:30 2005 => Scanning File C:\WINNT\system32\ntddetect.exe
Tue Apr 05 11:40:30 2005 => File C:\WINNT\system32\ntddetect.exe infected by "Trojan-Proxy.Win32.Agent.eh" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:30 2005 => Scanning File C:\WINNT\system32\internat.exe
Tue Apr 05 11:40:30 2005 => Scanning File C:\WINNT\system32\x3yy\bbabjdjh.exe
Tue Apr 05 11:40:30 2005 => File C:\WINNT\system32\x3yy\bbabjdjh.exe infected by "Trojan-Downloader.Win32.Small.aph" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:30 2005 => Scanning File C:\WINNT\system32\asro.exe
Tue Apr 05 11:40:31 2005 => File C:\WINNT\system32\asro.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:31 2005 => Scanning File C:\WINNT\system32\??rss.exe
Tue Apr 05 11:40:31 2005 => Result: ERROR!!! File C:\WINNT\system32\??rss.exe: Scanning Failure!!!
Tue Apr 05 11:40:31 2005 => ERROR!!! ScanFile Failed Once. Trying to scan again...
Tue Apr 05 11:40:31 2005 => Scanning File C:\WINNT\system32\??rss.exe
Tue Apr 05 11:40:31 2005 => Result: ERROR!!! File C:\WINNT\system32\??rss.exe: Scanning Failure!!!
Tue Apr 05 11:40:31 2005 => ERROR!!! ScanFile Failed Twice. Trying to scan again...
Tue Apr 05 11:40:31 2005 => Scanning File C:\WINNT\system32\??rss.exe
Tue Apr 05 11:40:31 2005 => Result: ERROR!!! File C:\WINNT\system32\??rss.exe: Scanning Failure!!!
Tue Apr 05 11:40:31 2005 => ERROR!!! ScanFile Failed Thrice!!!


Tue Apr 05 11:40:33 2005 => ***** Scanning Registry Files *****

Tue Apr 05 11:40:35 2005 => Scanning File C:\WINNT\system32\dals.dll
Tue Apr 05 11:40:35 2005 => File C:\WINNT\system32\dals.dll infected by "not-a-virus:AdWare.PurityScan.ak" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:40:35 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

Tue Apr 05 11:40:49 2005 => Scanning File C:\WINNT\Pqv.exe
Tue Apr 05 11:40:49 2005 => File C:\WINNT\Pqv.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:49 2005 => Scanning File C:\WINNT\system32\ntddetect.exe
Tue Apr 05 11:40:49 2005 => File C:\WINNT\system32\ntddetect.exe infected by "Trojan-Proxy.Win32.Agent.eh" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:49 2005 => Scanning File C:\WINNT\Eiv.exe
Tue Apr 05 11:40:49 2005 => File C:\WINNT\Eiv.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => ERROR!!! Invalid Entry WinTools = C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Removing it.
Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\system32\Jfn.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\system32\Jfn.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\system32\Fqe.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\system32\Fqe.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\Gjs.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\Gjs.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\Eef.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\Eef.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\Vha.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\Vha.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\system32\Mug.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\system32\Mug.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\Rvp.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\Rvp.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\system32\Kcl.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\system32\Kcl.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\system32\Ktc.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\system32\Ktc.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\Und.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\Und.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\Lvt.exe
Tue Apr 05 11:40:50 2005 => File C:\WINNT\Lvt.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:50 2005 => Scanning File C:\WINNT\system32\Hud.exe
Tue Apr 05 11:40:51 2005 => File C:\WINNT\system32\Hud.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:51 2005 => Scanning File C:\WINNT\Ksq.exe
Tue Apr 05 11:40:51 2005 => File C:\WINNT\Ksq.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:51 2005 => Scanning File C:\WINNT\system32\Acg.exe
Tue Apr 05 11:40:51 2005 => File C:\WINNT\system32\Acg.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:51 2005 => Scanning File C:\WINNT\system32\Vie.exe
Tue Apr 05 11:40:51 2005 => File C:\WINNT\system32\Vie.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:51 2005 => Scanning File C:\WINNT\system32\Jkp.exe
Tue Apr 05 11:40:51 2005 => File C:\WINNT\system32\Jkp.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:51 2005 => Scanning File C:\WINNT\Hcl.exe
Tue Apr 05 11:40:51 2005 => File C:\WINNT\Hcl.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:51 2005 => Scanning File C:\WINNT\Pcg.exe
Tue Apr 05 11:40:51 2005 => File C:\WINNT\Pcg.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:51 2005 => Scanning File C:\WINNT\system32\Jco.exe
Tue Apr 05 11:40:51 2005 => File C:\WINNT\system32\Jco.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:51 2005 => Scanning File C:\WINNT\Kue.exe
Tue Apr 05 11:40:51 2005 => File C:\WINNT\Kue.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:51 2005 => Scanning File C:\WINNT\Acp.exe
Tue Apr 05 11:40:51 2005 => File C:\WINNT\Acp.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:51 2005 => Scanning File C:\WINNT\system32\Bgq.exe
Tue Apr 05 11:40:52 2005 => File C:\WINNT\system32\Bgq.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:52 2005 => Scanning File C:\WINNT\Cck.exe
Tue Apr 05 11:40:52 2005 => File C:\WINNT\Cck.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:52 2005 => Scanning File C:\WINNT\Aud.exe
Tue Apr 05 11:40:52 2005 => File C:\WINNT\Aud.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:52 2005 => Scanning File C:\WINNT\system32\Atp.exe
Tue Apr 05 11:40:52 2005 => File C:\WINNT\system32\Atp.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:52 2005 => Scanning File C:\WINNT\system32\Fkj.exe
Tue Apr 05 11:40:52 2005 => File C:\WINNT\system32\Fkj.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:52 2005 => Scanning File C:\WINNT\system32\Nkq.exe
Tue Apr 05 11:40:52 2005 => File C:\WINNT\system32\Nkq.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:52 2005 => Scanning File C:\WINNT\system32\Jnf.exe
Tue Apr 05 11:40:52 2005 => File C:\WINNT\system32\Jnf.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:40:52 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Tue Apr 05 11:40:52 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Tue Apr 05 11:40:52 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Apr 05 11:40:52 2005 => Scanning File C:\WINNT\system32\ntddetect.exe

Tue Apr 05 11:40:52 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

Tue Apr 05 11:40:52 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Apr 05 11:40:52 2005 => Scanning File C:\WINNT\system32\internat.exe
Tue Apr 05 11:40:52 2005 => Scanning File C:\WINNT\Pqv.exe
Tue Apr 05 11:40:52 2005 => Scanning File C:\WINNT\system32\x3yy\bbabjdjh.exe
Tue Apr 05 11:40:53 2005 => File C:\WINNT\system32\x3yy\bbabjdjh.exe infected by "Trojan-Downloader.Win32.Small.aph" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:53 2005 => Scanning File C:\WINNT\system32\ntddetect.exe
Tue Apr 05 11:40:53 2005 => Scanning File C:\WINNT\system32\asro.exe
Tue Apr 05 11:40:53 2005 => File C:\WINNT\system32\asro.exe infected by "not-a-virus:AdWare.PurityScan.w" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:40:53 2005 => ERROR!!! Invalid Entry Drmsgi = C:\WINNT\system32\??rss.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Removing it.

Tue Apr 05 11:41:03 2005 => Scanning File C:\WINNT\system32\dev32.exe
Tue Apr 05 11:41:03 2005 => File C:\WINNT\system32\dev32.exe infected by "Trojan.Win32.Agent.ca" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:16 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Tue Apr 05 11:41:16 2005 => Scanning File C:\WINNT\system32\JAVASUP.VXD
Tue Apr 05 11:41:16 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Tue Apr 05 11:41:16 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:17 2005 => Offending value found in HKCU\Software\saap !!!
Tue Apr 05 11:41:17 2005 => System found infected with saap Spyware/Adware! Action taken: No Action Taken.
Tue Apr 05 11:41:17 2005 => File System Found infected by "saap Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:25 2005 => System found infected with peopleonpage Spyware/Adware (load.exe)! Action taken: No Action Taken.
Tue Apr 05 11:41:25 2005 => File System Found infected by "peopleonpage Spyware/Adware" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:41:25 2005 => ***** Scanning System32 Folders *****

Tue Apr 05 11:41:25 2005 => Scanning File C:\WINNT\Aqo.html
Tue Apr 05 11:41:25 2005 => File C:\WINNT\Aqo.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:25 2005 => Scanning File C:\WINNT\Cjf.html
Tue Apr 05 11:41:25 2005 => File C:\WINNT\Cjf.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:26 2005 => Scanning File C:\WINNT\desktop.html
Tue Apr 05 11:41:26 2005 => File C:\WINNT\desktop.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:29 2005 => Scanning File C:\WINNT\installer_SIAC.exe
Tue Apr 05 11:41:30 2005 => File C:\WINNT\installer_SIAC.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:41:33 2005 => Scanning File C:\WINNT\Kta.html
Tue Apr 05 11:41:34 2005 => File C:\WINNT\Kta.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:34 2005 => Scanning File C:\WINNT\Kue.exe
Tue Apr 05 11:41:34 2005 => Scanning File C:\WINNT\loader32.exe
Tue Apr 05 11:41:34 2005 => File C:\WINNT\loader32.exe infected by "Trojan-Dropper.Win32.Joiner.aj" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:41:34 2005 => Scanning File C:\WINNT\ms2.exe
Tue Apr 05 11:41:34 2005 => File C:\WINNT\ms2.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:41:35 2005 => Scanning File C:\WINNT\popup.html
Tue Apr 05 11:41:35 2005 => File C:\WINNT\popup.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:37 2005 => Scanning File C:\WINNT\shop1004.exe
Tue Apr 05 11:41:39 2005 => File C:\WINNT\shop1004.exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:40 2005 => Scanning File C:\WINNT\tool.exe
Tue Apr 05 11:41:42 2005 => File C:\WINNT\tool.exe infected by "Trojan.Win32.LowZones.y" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:43 2005 => Scanning File C:\WINNT\ucmoreiex.exe
Tue Apr 05 11:41:45 2005 => File C:\WINNT\ucmoreiex.exe infected by "not-a-virus:AdWare.ToolBar.Ucmore.a" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:47 2005 => Scanning File C:\WINNT\webdlg32.dll
Tue Apr 05 11:41:47 2005 => File C:\WINNT\webdlg32.dll infected by "not-a-virus:AdWare.ToolBar.SBSoft.g" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:41:49 2005 => Scanning File C:\WINNT\winsx.dll
Tue Apr 05 11:41:50 2005 => File C:\WINNT\winsx.dll infected by "not-a-virus:AdWare.Puper.c" Virus. Action Taken: No Action Taken.

der zweite teil :


Tue Apr 05 11:45:15 2005 => Scanning File C:\WINNT\system32\tibs.exe
Tue Apr 05 11:45:17 2005 => File C:\WINNT\system32\tibs.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:45:20 2005 => Scanning File C:\WINNT\system32\unic2_32.dll
Tue Apr 05 11:45:20 2005 => File C:\WINNT\system32\unic2_32.dll infected by "Trojan-Downloader.Win32.Small.aph" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:45:44 2005 => Result: ERROR!!! File C:\WINNT\system32\??rss.exe: Scanning Failure!!!
Tue Apr 05 11:45:44 2005 => ERROR!!! ScanFile fails for C:\WINNT\system32\??rss.exe


Tue Apr 05 11:45:58 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\dev32.exe
Tue Apr 05 11:45:59 2005 => File C:\DOKUME~1\b7\LOKALE~1\Temp\dev32.exe infected by "Trojan.Win32.Agent.ca" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:46:08 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\i5E.tmp
Tue Apr 05 11:46:09 2005 => File C:\DOKUME~1\b7\LOKALE~1\Temp\i5E.tmp infected by "not-a-virus:AdWare.SurfSide.a" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:46:19 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\setup4002b.cab
Tue Apr 05 11:46:20 2005 => File C:\DOKUME~1\b7\LOKALE~1\Temp\setup4002b.cab infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:46:20 2005 => Scanning Folder: C:\DOKUME~1\b7\LOKALE~1\Temp\SFTPDROP\*.*
Tue Apr 05 11:46:20 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\shop1004.exe
Tue Apr 05 11:46:22 2005 => File C:\DOKUME~1\b7\LOKALE~1\Temp\shop1004.exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:46:22 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\SilentSetup.log
Tue Apr 05 11:46:22 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\snaa.dxf_exp_1.log
Tue Apr 05 11:46:22 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\SskUpdater.exe
Tue Apr 05 11:46:23 2005 => File C:\DOKUME~1\b7\LOKALE~1\Temp\SskUpdater.exe infected by "not-a-virus:AdWare.TotalVelocity.v" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:46:23 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\start.htm
Tue Apr 05 11:46:23 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\tb_un.log
Tue Apr 05 11:46:23 2005 => Scanning Folder: C:\DOKUME~1\b7\LOKALE~1\Temp\temp.fr12D4\*.*
Tue Apr 05 11:46:23 2005 => Scanning Folder: C:\DOKUME~1\b7\LOKALE~1\Temp\temp.fr12D4\bin\*.*
Tue Apr 05 11:46:23 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\temp.fr12D4\bin\bargains.exe
Tue Apr 05 11:46:23 2005 => File C:\DOKUME~1\b7\LOKALE~1\Temp\temp.fr12D4\bin\bargains.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:46:25 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\Temp\tr57.exe
Tue Apr 05 11:46:25 2005 => File C:\DOKUME~1\b7\LOKALE~1\Temp\tr57.exe infected by "Trojan-Proxy.Win32.Agent.eh" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:46:31 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\4HW7KRKR\track4[1].htm
Tue Apr 05 11:46:31 2005 => File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\4HW7KRKR\track4[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:46:44 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\GTYVKDQ3\STATS21[1].CHM
Tue Apr 05 11:46:45 2005 => File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\GTYVKDQ3\STATS21[1].CHM infected by "Trojan-Downloader.JS.Psyme.n" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:46:51 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\NMJVTFJO\send_car_int[1].htm
Tue Apr 05 11:46:51 2005 => File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\NMJVTFJO\send_car_int[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:46:52 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\S5IJGLAN\inst21[1].exe
Tue Apr 05 11:46:52 2005 => File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\S5IJGLAN\inst21[1].exe infected by "Trojan-Downloader.Win32.Small.apm" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:46:55 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\SD4BQJ8B\TRACK4[1].CHM
Tue Apr 05 11:46:55 2005 => File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\SD4BQJ8B\TRACK4[1].CHM infected by "Trojan-Downloader.VBS.Psyme.v" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:46:57 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\STIVWLAZ\stats21[1].htm
Tue Apr 05 11:46:57 2005 => File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\STIVWLAZ\stats21[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:46:57 2005 => Scanning File C:\DOKUME~1\b7\LOKALE~1\TEMPOR~1\Content.IE5\STIVWLAZ\vbulletin_stdedit[1].js

Tue Apr 05 11:46:57 2005 => ***** Scanning All Drives *****

Tue Apr 05 11:52:30 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Internet Optimizer\update\optimize313.exe
Tue Apr 05 11:52:31 2005 => File C:\Dokumente und Einstellungen\b7\Internet Optimizer\update\optimize313.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:53:29 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\dev32.exe
Tue Apr 05 11:53:30 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\dev32.exe infected by "Trojan.Win32.Agent.ca" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:53:40 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\i5E.tmp
Tue Apr 05 11:53:40 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\i5E.tmp infected by "not-a-virus:AdWare.SurfSide.a" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:53:50 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\setup4002b.cab
Tue Apr 05 11:53:51 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\setup4002b.cab infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:53:51 2005 => Scanning Folder: C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\SFTPDROP\*.*
Tue Apr 05 11:53:51 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\shop1004.exe
Tue Apr 05 11:53:53 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\shop1004.exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:53:53 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\SilentSetup.log
Tue Apr 05 11:53:53 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\snaa.dxf_exp_1.log
Tue Apr 05 11:53:53 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\SskUpdater.exe
Tue Apr 05 11:53:54 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\SskUpdater.exe infected by "not-a-virus:AdWare.TotalVelocity.v" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:53:54 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\temp.fr12D4\bin\bargains.exe
Tue Apr 05 11:53:54 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\temp.fr12D4\bin\bargains.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:53:55 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\tr57.exe
Tue Apr 05 11:53:56 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temp\tr57.exe infected by "Trojan-Proxy.Win32.Agent.eh" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:54:01 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4HW7KRKR\track4[1].htm
Tue Apr 05 11:54:01 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4HW7KRKR\track4[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:54:13 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GTYVKDQ3\STATS21[1].CHM
Tue Apr 05 11:54:13 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GTYVKDQ3\STATS21[1].CHM infected by "Trojan-Downloader.JS.Psyme.n" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:54:19 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NMJVTFJO\send_car_int[1].htm
Tue Apr 05 11:54:19 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NMJVTFJO\send_car_int[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:54:20 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\S5IJGLAN\inst21[1].exe
Tue Apr 05 11:54:20 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\S5IJGLAN\inst21[1].exe infected by "Trojan-Downloader.Win32.Small.apm" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:54:23 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SD4BQJ8B\TRACK4[1].CHM
Tue Apr 05 11:54:23 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SD4BQJ8B\TRACK4[1].CHM infected by "Trojan-Downloader.VBS.Psyme.v" Virus. Action Taken: No Action Taken.


Tue Apr 05 11:54:25 2005 => Scanning File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\STIVWLAZ\stats21[1].htm
Tue Apr 05 11:54:25 2005 => File C:\Dokumente und Einstellungen\b7\Lokale Einstellungen\Temporary Internet Files\Content.IE5\STIVWLAZ\stats21[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.



Tue Apr 05 12:49:31 2005 => Scanning File C:\w32_API.cab
Tue Apr 05 12:49:31 2005 => File C:\w32_API.cab infected by "Trojan-Downloader.Win32.Agent.cb" Virus. Action Taken: No Action Taken.


Tue Apr 05 12:53:11 2005 => Scanning File C:\WINNT\Adg.exe
Tue Apr 05 12:53:11 2005 => File C:\WINNT\Adg.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 12:53:12 2005 => Scanning File C:\WINNT\Aqo.html
Tue Apr 05 12:53:12 2005 => File C:\WINNT\Aqo.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 12:53:40 2005 => Scanning File C:\WINNT\Cck.exe
Tue Apr 05 12:53:40 2005 => Scanning File C:\WINNT\Cjf.html
Tue Apr 05 12:53:40 2005 => File C:\WINNT\Cjf.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.


Tue Apr 05 12:53:55 2005 => Scanning File C:\WINNT\desktop.html
Tue Apr 05 12:53:55 2005 => File C:\WINNT\desktop.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.


Tue Apr 05 12:53:56 2005 => Scanning File C:\WINNT\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx
Tue Apr 05 12:53:56 2005 => File C:\WINNT\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx infected by "not-a-virus:AdWare.MediaTickets.f" Virus. Action Taken: No Action Taken.


Tue Apr 05 12:53:57 2005 => Scanning File C:\WINNT\Downloaded Program Files\load.exe
Tue Apr 05 12:53:58 2005 => File C:\WINNT\Downloaded Program Files\load.exe infected by "Trojan-Downloader.Win32.Small.aod" Virus. Action Taken: No Action Taken.

Tue Apr 05 12:56:46 2005 => Scanning File C:\WINNT\Gjs.exe
Tue Apr 05 12:56:46 2005 => Scanning File C:\WINNT\Gqo.exe
Tue Apr 05 12:56:46 2005 => File C:\WINNT\Gqo.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:02:28 2005 => Scanning File C:\WINNT\installer_SIAC.exe
Tue Apr 05 13:02:28 2005 => File C:\WINNT\installer_SIAC.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:03:42 2005 => Scanning File C:\WINNT\Kta.html
Tue Apr 05 13:03:42 2005 => File C:\WINNT\Kta.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:03:42 2005 => Scanning File C:\WINNT\Kue.exe
Tue Apr 05 13:03:42 2005 => Scanning File C:\WINNT\loader32.exe
Tue Apr 05 13:03:42 2005 => File C:\WINNT\loader32.exe infected by "Trojan-Dropper.Win32.Joiner.aj" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:03:46 2005 => Scanning File C:\WINNT\ms2.exe
Tue Apr 05 13:03:46 2005 => File C:\WINNT\ms2.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:03:50 2005 => Scanning File C:\WINNT\popup.html
Tue Apr 05 13:03:50 2005 => File C:\WINNT\popup.html infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:07:44 2005 => Scanning File C:\WINNT\shop1004.exe
Tue Apr 05 13:07:47 2005 => File C:\WINNT\shop1004.exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.


Tue Apr 05 13:08:44 2005 => Scanning File C:\WINNT\system32\Dgs.exe
Tue Apr 05 13:08:44 2005 => File C:\WINNT\system32\Dgs.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:12:39 2005 => Scanning Folder: C:\WINNT\system32\drivers\etc\*.*
Tue Apr 05 13:12:39 2005 => Scanning File C:\WINNT\system32\drivers\etc\hosts [**]
Tue Apr 05 13:12:39 2005 => Scanning File C:\WINNT\system32\drivers\etc\hosts.bak
Tue Apr 05 13:12:39 2005 => File C:\WINNT\system32\drivers\etc\hosts.bak infected by "Trojan.Win32.Qhost.k" Virus. Action Taken: No Action Taken.


Tue Apr 05 13:16:32 2005 => Scanning File C:\WINNT\system32\tibs.exe
Tue Apr 05 13:16:34 2005 => File C:\WINNT\system32\tibs.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:16:37 2005 => Scanning File C:\WINNT\system32\unic2_32.dll
Tue Apr 05 13:16:38 2005 => File C:\WINNT\system32\unic2_32.dll infected by "Trojan-Downloader.Win32.Small.aph" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:16:44 2005 => Scanning File C:\WINNT\system32\Vhc.exe
Tue Apr 05 13:16:44 2005 => File C:\WINNT\system32\Vhc.exe infected by "Trojan-Clicker.Win32.Spywad.b" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:17:19 2005 => Scanning File C:\WINNT\tool.exe
Tue Apr 05 13:17:21 2005 => File C:\WINNT\tool.exe infected by "Trojan.Win32.LowZones.y" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:17:22 2005 => Scanning File C:\WINNT\ucmoreiex.exe
Tue Apr 05 13:17:24 2005 => File C:\WINNT\ucmoreiex.exe infected by "not-a-virus:AdWare.ToolBar.Ucmore.a" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:17:34 2005 => Scanning File C:\WINNT\webdlg32.dll
Tue Apr 05 13:17:34 2005 => File C:\WINNT\webdlg32.dll infected by "not-a-virus:AdWare.ToolBar.SBSoft.g" Virus. Action Taken: No Action Taken.

Tue Apr 05 13:18:07 2005 => Scanning File C:\WINNT\winsx.dll
Tue Apr 05 13:18:08 2005 => File C:\WINNT\winsx.dll infected by "not-a-virus:AdWare.Puper.c" Virus. Action Taken: No Action Taken.



Tue Apr 05 13:25:40 2005 => ***** Checking for specific ITW Viruses *****
Tue Apr 05 13:25:40 2005 => Checking for Welchia Virus...
Tue Apr 05 13:25:40 2005 => Checking for LovGate Virus...
Tue Apr 05 13:25:40 2005 => Checking for CodeRed Virus...
Tue Apr 05 13:25:40 2005 => Checking for OpaServ Virus...
Tue Apr 05 13:25:40 2005 => Checking for Sobig.e Virus...
Tue Apr 05 13:25:40 2005 => Checking for Winupie Virus...
Tue Apr 05 13:25:40 2005 => Checking for Swen Virus...
Tue Apr 05 13:25:40 2005 => Checking for JS.Fortnight Virus...
Tue Apr 05 13:25:40 2005 => Checking for Novarg Virus...
Tue Apr 05 13:25:41 2005 => Checking for Pagabot Virus...
Tue Apr 05 13:25:41 2005 => Checking for Parite.b Virus...
Tue Apr 05 13:25:41 2005 => Checking for Parite.a Virus...

Tue Apr 05 13:25:41 2005 => ***** Scanning complete. *****

Tue Apr 05 13:25:41 2005 => Total Objects Scanned: 41276
Tue Apr 05 13:25:41 2005 => Total Virus(es) Found: 154
Tue Apr 05 13:25:41 2005 => Total Disinfected Files: 0
Tue Apr 05 13:25:41 2005 => Total Files Renamed: 0
Tue Apr 05 13:25:41 2005 => Total Deleted Objects: 0
Tue Apr 05 13:25:41 2005 => Total Errors: 36
Tue Apr 05 13:25:41 2005 => Time Elapsed: 01:45:53
Tue Apr 05 13:25:41 2005 => Virus Database Date: 2005/04/04
Tue Apr 05 13:25:41 2005 => Virus Database Count: 124577

Tue Apr 05 13:25:41 2005 => Scan Completed.

hat sich erledigt.
entsprechende rechner teils neu aufgesetzt, teils gereinigt.
mal sehen ob wirklich alle weg sind


dickes danke an alle helfer