Log analysis and evaluation: HiJackThis logs and eScan log, please take a look. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
06.02.2005, 16:34 | #1 |
| HiJackThis logs and eScan log, please take a look

Hello, I have viruses but can't delete them. Please take a look and give me some advice, thanks ..

Logfile of HijackThis v1.99.0
Scan saved at 16:32:01, on 06.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Melanie\Eigene Dateien\Virus Programme\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goggle.de/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE

eScan LOG :

Tagged :
Sun Feb 06 16:05:28 2005 => Scanning File C:\WINDOWS\system32\rk.exe
Sun Feb 06 16:05:28 2005 => File C:\WINDOWS\system32\rk.exe tagged as not-a-virus:RiskWare.Proxy.MarketScore.k. No Action Taken.
Sun Feb 06 16:05:28 2005 => File C:\WINDOWS\system32\rk.bin tagged as not-a-virus:RiskWare.Proxy.MarketScore.k. No Action Taken.
Sun Feb 06 15:45:53 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun Feb 06 15:42:59 2005 => File C:\Programme\AOL 9.0a\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun Feb 06 15:42:18 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Sun Feb 06 15:36:11 2005 => File C:\WINDOWS\System32\rk.exe tagged as not-a-virus:RiskWare.Proxy.MarketScore.k. No Action Taken.
Sun Feb 06 15:36:10 2005 => File C:\WINDOWS\System32\rk.bin tagged as not-a-virus:RiskWare.Proxy.MarketScore.k. No Action Taken

infected :
Sun Feb 06 15:36:34 2005 => File C:\WINDOWS\System32\wd.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Sun Feb 06 15:36:46 2005 => File C:\WINDOWS\System32\wtl32a.exe infected by "Trojan-Clicker.Win32.Agent.bd" Virus. Action Taken: No Action Taken
Sun Feb 06 15:36:51 2005 => File C:\DOKUME~1\Melanie\LOKALE~1\Temp\msi4A.exe infected by "Trojan-Downloader.Win32.Small.aha" Virus. Action Taken: No Action Taken.
Sun Feb 06 15:36:51 2005 => File C:\DOKUME~1\Melanie\LOKALE~1\Temp\msi4B.exe infected by "Trojan-Downloader.Win32.Agent.iw" Virus. Action Taken: No Action Taken.
Sun Feb 06 15:41:29 2005 => File C:\Dokumente und Einstellungen\Melanie\Lokale Einstellungen\Temp\msi4A.exe infected by "Trojan-Downloader.Win32.Small.aha" Virus. Action Taken: No Action Taken.
Sun Feb 06 15:41:29 2005 => File C:\Dokumente und Einstellungen\Melanie\Lokale Einstellungen\Temp\msi4B.exe infected by "Trojan-Downloader.Win32.Agent.iw" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0000044.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0000078.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0000080.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0000084.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0001086.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0002086.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0002091.exe infected by "not-a-virus:AdWare.SaveNow.v" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0002092.exe infected by "not-a-virus:AdWare.SaveNow.bc" Virus. Action Taken: No Action Taken
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0002094.exe infected by "not-a-virus:AdWare.SaveNow.bc" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0003085.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0003088.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0003105.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0003115.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0003118.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Sun Feb 06 15:54:18 2005 => File C:\WINDOWS\dvpd.dll infected by "Trojan-Spy.Win32.Dumarin.l" Virus. Action Taken: No Action Taken.
Sun Feb 06 15:56:36 2005 => File C:\WINDOWS\hosts infected by "Trojan.Win32.Qhost.ay" Virus. Action Taken: No Action Taken.
Sun Feb 06 15:59:56 2005 => File C:\WINDOWS\system32\cm.dll infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Sun Feb 06 16:04:14 2005 => File C:\WINDOWS\system32\hiden.exe infected by "Trojan-Downloader.Win32.Agent.iw" Virus. Action Taken: No Action Taken.
Sun Feb 06 16:04:14 2005 => File C:\WINDOWS\system32\hm.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Sun Feb 06 16:04:17 2005 => File C:\WINDOWS\system32\ieexec.exe infected by "Trojan.Win32.Zapchast" Virus. Action Taken: No Action Taken.
Sun Feb 06 16:05:17 2005 => File C:\WINDOWS\system32\porynt.dll infected by "Trojan-Downloader.Win32.Small.ajb" Virus. Action Taken: No Action Taken.
Sun Feb 06 16:06:10 2005 => File C:\WINDOWS\system32\wd.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken
Sun Feb 06 16:06:23 2005 => File C:\WINDOWS\system32\wtl32a.exe infected by "Trojan-Clicker.Win32.Agent.bd" Virus. Action Taken: No Action Taken

Sun Feb 06 16:06:34 2005 => ***** Scanning complete. *****
Sun Feb 06 16:06:34 2005 => Total Files Scanned: 18846
Sun Feb 06 16:06:34 2005 => Total Virus(es) Found: 46
Sun Feb 06 16:06:34 2005 => Total Disinfected Files: 0
Sun Feb 06 16:06:34 2005 => Total Files Renamed: 0
Sun Feb 06 16:06:34 2005 => Total Deleted Files: 0
Sun Feb 06 16:06:34 2005 => Total Errors: 16
Sun Feb 06 16:06:34 2005 => Time Elapsed: 00:32:47
Sun Feb 06 16:06:34 2005 => Virus Database Date: 2005/02/05
Sun Feb 06 16:06:34 2005 => Virus Database Count: 117200
Sun Feb 06 16:06:34 2005 => Scan Completed.

Thanks in advance |
06.02.2005, 16:36 | #2 |
HiJackThis logs and eScan log, please take a look

Uh-oh.. a rootkit and a backdoor..
__________________
Your system is compromised; it is no longer trustworthy. Reinstall Windows and follow this guide |