Trojaner-Board


skiller 06.02.2005 16:34

Please take a look at my HijackThis and eScan logs

Hello, I have viruses but can't delete them. Please take a look and give me some advice, thanks.


Logfile of HijackThis v1.99.0
Scan saved at 16:32:01, on 06.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Melanie\Eigene Dateien\Virus Programme\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goggle.de/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE


eScan LOG :


Tagged :

Sun Feb 06 16:05:28 2005 => Scanning File C:\WINDOWS\system32\rk.exe
Sun Feb 06 16:05:28 2005 => File C:\WINDOWS\system32\rk.exe tagged as not-a-virus:RiskWare.Proxy.MarketScore.k. No Action Taken.

Sun Feb 06 16:05:28 2005 => File C:\WINDOWS\system32\rk.bin tagged as not-a-virus:RiskWare.Proxy.MarketScore.k. No Action Taken.

Sun Feb 06 15:45:53 2005 => File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Sun Feb 06 15:42:59 2005 => File C:\Programme\AOL 9.0a\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Sun Feb 06 15:42:18 2005 => File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Sun Feb 06 15:36:11 2005 => File C:\WINDOWS\System32\rk.exe tagged as not-a-virus:RiskWare.Proxy.MarketScore.k. No Action Taken.

Sun Feb 06 15:36:10 2005 => File C:\WINDOWS\System32\rk.bin tagged as not-a-virus:RiskWare.Proxy.MarketScore.k. No Action Taken

infected :

Sun Feb 06 15:36:34 2005 => File C:\WINDOWS\System32\wd.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.

Sun Feb 06 15:36:46 2005 => File C:\WINDOWS\System32\wtl32a.exe infected by "Trojan-Clicker.Win32.Agent.bd" Virus. Action Taken: No Action Taken

Sun Feb 06 15:36:51 2005 => File C:\DOKUME~1\Melanie\LOKALE~1\Temp\msi4A.exe infected by "Trojan-Downloader.Win32.Small.aha" Virus. Action Taken: No Action Taken.

Sun Feb 06 15:36:51 2005 => File C:\DOKUME~1\Melanie\LOKALE~1\Temp\msi4B.exe infected by "Trojan-Downloader.Win32.Agent.iw" Virus. Action Taken: No Action Taken.

Sun Feb 06 15:41:29 2005 => File C:\Dokumente und Einstellungen\Melanie\Lokale Einstellungen\Temp\msi4A.exe infected by "Trojan-Downloader.Win32.Small.aha" Virus. Action Taken: No Action Taken.

Sun Feb 06 15:41:29 2005 => File C:\Dokumente und Einstellungen\Melanie\Lokale Einstellungen\Temp\msi4B.exe infected by "Trojan-Downloader.Win32.Agent.iw" Virus. Action Taken: No Action Taken.

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0000044.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0000078.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0000080.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0000084.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.


Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0001086.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0002086.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0002091.exe infected by "not-a-virus:AdWare.SaveNow.v" Virus. Action Taken: No Action Taken.

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0002092.exe infected by "not-a-virus:AdWare.SaveNow.bc" Virus. Action Taken: No Action Taken

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0002094.exe infected by "not-a-virus:AdWare.SaveNow.bc" Virus. Action Taken: No Action Taken.

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0003085.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0003088.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0003105.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0003115.exe infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.

Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0003118.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.

Sun Feb 06 15:54:18 2005 => File C:\WINDOWS\dvpd.dll infected by "Trojan-Spy.Win32.Dumarin.l" Virus. Action Taken: No Action Taken.

Sun Feb 06 15:56:36 2005 => File C:\WINDOWS\hosts infected by "Trojan.Win32.Qhost.ay" Virus. Action Taken: No Action Taken.

Sun Feb 06 15:59:56 2005 => File C:\WINDOWS\system32\cm.dll infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.


Sun Feb 06 16:04:14 2005 => File C:\WINDOWS\system32\hiden.exe infected by "Trojan-Downloader.Win32.Agent.iw" Virus. Action Taken: No Action Taken.


Sun Feb 06 16:04:14 2005 => File C:\WINDOWS\system32\hm.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.

Sun Feb 06 16:04:17 2005 => File C:\WINDOWS\system32\ieexec.exe infected by "Trojan.Win32.Zapchast" Virus. Action Taken: No Action Taken.

Sun Feb 06 16:05:17 2005 => File C:\WINDOWS\system32\porynt.dll infected by "Trojan-Downloader.Win32.Small.ajb" Virus. Action Taken: No Action Taken.

Sun Feb 06 16:06:10 2005 => File C:\WINDOWS\system32\wd.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken

Sun Feb 06 16:06:23 2005 => File C:\WINDOWS\system32\wtl32a.exe infected by "Trojan-Clicker.Win32.Agent.bd" Virus. Action Taken: No Action Taken


Sun Feb 06 16:06:34 2005 => ***** Scanning complete. *****

Sun Feb 06 16:06:34 2005 => Total Files Scanned: 18846
Sun Feb 06 16:06:34 2005 => Total Virus(es) Found: 46
Sun Feb 06 16:06:34 2005 => Total Disinfected Files: 0
Sun Feb 06 16:06:34 2005 => Total Files Renamed: 0
Sun Feb 06 16:06:34 2005 => Total Deleted Files: 0
Sun Feb 06 16:06:34 2005 => Total Errors: 16
Sun Feb 06 16:06:34 2005 => Time Elapsed: 00:32:47
Sun Feb 06 16:06:34 2005 => Virus Database Date: 2005/02/05
Sun Feb 06 16:06:34 2005 => Virus Database Count: 117200

Sun Feb 06 16:06:34 2005 => Scan Completed.


Thanks in advance

Chris14 06.02.2005 16:36

Uh-oh... a rootkit and a backdoor.
Your system is compromised; it can no longer be trusted.
Reinstall Windows and follow this guide.
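
Added example, not part of the thread and not eScan's own code: a small triage script for eScan log lines in the format posted above. It merges repeat scans of the same file, separates "not-a-virus" riskware from malware, and escalates to a rebuild when a Backdoor family or an infected .sys driver is present. The regexes, the severity rule, the verdict labels and the function names are assumptions; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Sample lines copied from the eScan log posted in this thread.
SAMPLE = r'''
Sun Feb 06 16:05:28 2005 => File C:\WINDOWS\system32\rk.exe tagged as not-a-virus:RiskWare.Proxy.MarketScore.k. No Action Taken.
Sun Feb 06 15:36:34 2005 => File C:\WINDOWS\System32\wd.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken.
Sun Feb 06 16:06:10 2005 => File C:\WINDOWS\system32\wd.sys infected by "Backdoor.Win32.Haxdoor.bp" Virus. Action Taken: No Action Taken
Information\_restore{A22A9C1A-DA11-4EC3-942F-B8FD7D833F76}\RP1\A0002091.exe infected by "not-a-virus:AdWare.SaveNow.v" Virus. Action Taken: No Action Taken.
Sun Feb 06 15:56:36 2005 => File C:\WINDOWS\hosts infected by "Trojan.Win32.Qhost.ay" Virus. Action Taken: No Action Taken.
'''

# The timestamp and "File" prefix are optional: pasted logs are often truncated.
INFECTED = re.compile(r'^(?:.*?=> File )?(?P<path>.+?) infected by "(?P<name>[^"]+)"')
TAGGED = re.compile(r'^(?:.*?=> File )?(?P<path>.+?) tagged as (?P<name>\S+?)\.? No Action')

def parse(log):
    """Return {lower-cased path: set of detection names}, merging repeat scans."""
    hits = defaultdict(set)
    for line in log.splitlines():
        m = INFECTED.search(line) or TAGGED.search(line)
        if m:
            # Windows paths are case-insensitive: System32 and system32 are one file.
            hits[m["path"].lower()].add(m["name"])
    return hits

def triage(hits):
    """Assumed rule: a backdoor, or malware in a .sys driver, means rebuild."""
    malware = {}
    for path, names in hits.items():
        real = {n for n in names if not n.startswith("not-a-virus:")}
        if real:
            malware[path] = real
    rebuild = any(path.endswith(".sys") or
                  any(n.startswith("Backdoor.") for n in names)
                  for path, names in malware.items())
    return {"malware_files": sorted(malware),
            "riskware_files": sorted(set(hits) - set(malware)),
            "verdict": "rebuild" if rebuild else "clean-and-monitor"}

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```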

