#1
Hi. I've caught these fake programs too! Last time you wouldn't/couldn't help me, since apparently I haven't run a Windows update yet and don't have SP2!
Unfortunately that doesn't work with a cracked Windows XP version.
If it's possible somehow, I'd be very glad if someone could tell me how. The original is pretty expensive, after all!
My start page keeps changing to: http://www.necessaryupdates.com/
"SVhost" DOS windows open at PC startup, spyware warnings, spysalcon installs itself, I get redirected to http://www.pesttrap.com/?advid=190, I constantly get pop-ups, etc. Nice story :-/
I hope someone can help me. Otherwise I'll have to format. But then I'd need the Windows updates and Service Pack 2.
Regards
This post was edited by Chr1s on 24.03.2006 at 18:22.
Logfile of HijackThis v1.99.1
Scan saved at 17:48:59, on 24.03.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Programme\Logitech\iTouch\iTouch.exe
F:\Programme\Winamp\Winampa.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
F:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\iPod\bin\iPodService.exe
F:\Programme\ICQLite\ICQLite.exe
F:\Programme\mIRC\mirc.exe
G:\Games\CS 1.6\Steam.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
F:\Programme\HijackThis.exe
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp5AC2.tmp
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WinampAgent] "F:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft Office Startup] winssvc.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] svhosts.exe
O4 - HKLM\..\RunServices: [Microsoft Office Startup] winssvc.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] svhosts.exe
O4 - HKCU\..\Run: [Steam] "g:\games\steam.exe" -silent
O4 - HKCU\..\Run: [Compaq Service Drivers] svhosts.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] svhosts.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{89B5BD4D-3F35-4D08-904A-944BA5FB6679}: NameServer = 217.237.150.97 217.237.149.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E5E6811-B3C0-4505-B92F-174C71238B53}: NameServer = 217.237.150.97,217.237.149.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{89B5BD4D-3F35-4D08-904A-944BA5FB6679}: NameServer = 217.237.150.97 217.237.149.161
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOKUME~1\CHRIST~1\LOKALE~1\TEMP\_VWUPSRV.EXE (file missing)
AVP:
Creation date of the report file: Freitag, 24. März 2006 17:50
AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1114 of 04.11.2005
Mainprogram 6.32.00.51 of 03.11.2005
VDF file 6.33.0.118 (0) of 12.01.2006
This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.
Scanning for 279824 virus strains and unwanted programs.
Licensed for: AntiVir Personal Edition
Seri*hier nicht!* number: 0000149991-WURGE-0001
Please enter the workstation and
contact name with phone number in this form:
Name ___________________________________________
Street ___________________________________________
Town ___________________________________________
Phone/Fax ___________________________________________
Email ___________________________________________
Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 ()
Username: Christoph
Computername: CHR1S
Processor: Pentium
Working memory: 1047280 KB free
Version information:
AVWIN.DLL : 6.32.00.51 561192 04.11.2005 12:58:52
AVEWIN32.DLL : 6.33.0.77 1008128 12.01.2006 19:39:10
AVGNT.EXE : 6.32.00.02 180327 04.11.2005 12:58:52
AVGUARD.EXE : 6.32.00.12 208424 04.11.2005 12:58:52
GUARDMSG.DLL : 6.30.00.02 94248 16.03.2005 10:18:06
AVGCMSG.DLL : 6.32.00.01 295029 04.11.2005 12:58:52
AVGNTDW.SYS : 6.31.00.01 32896 04.11.2005 12:58:52
AVPACK32.DLL : 6.32.00.02 319528 04.11.2005 12:58:52
AVGETVER.DLL : 6.30.00.00 24576 16.03.2005 10:18:06
AVSHLEXT.DLL : 6.30.00.01 40960 16.03.2005 10:18:06
AVSched32.EXE : 6.32.00.01 110632 04.11.2005 12:58:52
AVSched32.DLL : 6.30.00.00 122880 16.03.2005 10:18:06
AVREG.DLL : 6.31.00.05 41000 04.11.2005 12:58:52
AVRep.DLL : 6.33.00.110 1626152 12.01.2006 19:39:14
INETUPD.EXE : 6.32.00.53 262203 04.11.2005 12:58:52
INETUPD.DLL : 6.32.00.53 143360 04.11.2005 12:58:52
CTL3D32.DLL : 2.31.000 27136 18.08.2001 13:00:00
MFC42.DLL : 6.00.8665.0 995383 18.08.2001 13:00:00
MSVCRT.DLL : 7.0.2600.0 (xpclient.010817-1148
MSVCRT.DLL : 7.0.2600.0 (xp 322560 18.08.2001 13:00:00
CTL3DV2.DLL : No information
Configuration file:
Name of configuration file: F:\Programme\AVPersonal\AVWIN.INI
Name of report file: F:\Programme\AVPersonal\LOGFILES\AVWIN.LOG
Start path: F:\Programme\AVPersonal
Command line:
Start mode: unknown
Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report
Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information
Abridge report file:
[ ] Abridge report file
Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged
Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100
Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM
.CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH
.JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL*
.PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP
.TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
Response in case of a detection:
[ ] Repair with prompt
[X] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[ ] Acoustic alarm
Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore
Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date
Drag&drop settings:
[X] Scan subdirectories
Profile settings:
[X] Scan subdirectories
Archive options
[X] Search archive
[X] All archive types
Miscellaneous options:
Temporary path: %TEMP% -> C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[ ] Load AVWin®/NT Guard on System start
General settings:
[X] Save options on exiting AntiVir
Priority: medium
Drives:
A: Floppy drive
C: Hard disk
D: CD-ROM
E: CD-ROM
F: Hard disk
G: Hard disk
I: CD-ROM
Start of scan: Freitag, 24. März 2006 17:50
Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK
Boot record of drive F: OK
Boot record of drive G: OK
Access denied! Error during file opening!
Error code: 0x0002
C:\
WARNING! Access error/file locked!
Error! Could not change directory: Chris
C:\Dokumente und Einstellungen\Christoph\Lokale Einstellungen\Temp
~DF237.tmp
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
Error! Could not change directory: System Volume Information
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\drivers
atapi.sys
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\drivers\etc
hosts
[DETECTION] Is the Trojan horse TR/Qhost.AA
WAS DELETED!
Error! Could not change directory: System Volume Information
Error! Could not change directory: System Volume Information
End of scan: Freitag, 24. März 2006 17:57
Time taken: 06:54 min
2770 directories were scanned
70297 files were scanned
8 warning messages were issued
1 file was deleted
0 files were repaired
1 detection