Spyfalcon + pesttrap

24.03.2006, 18:01
Member

Posts: 13
Hi. I've also caught these fake programs! Last time you wouldn't/couldn't help me,
because apparently I hadn't run Windows Update yet and don't have SP2!

Unfortunately that doesn't work with a cracked Windows XP version either.
If it does work somehow, I'd be very glad if someone could tell me how. The original is pretty expensive!
My start page keeps changing to: http://www.necessaryupdates.com/
"SVhost" DOS windows open at PC startup, spyware warnings, Spyfalcon installs itself, I get redirected to http://www.pesttrap.com/?advid=190, I constantly get popups etc. Nice story :-/
I hope I get some help. Otherwise I'll have to format. But then I'd need the Windows updates and Service Pack 2.
Regards

Logfile of HijackThis v1.99.1
Scan saved at 17:48:59, on 24.03.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Programme\Logitech\iTouch\iTouch.exe
F:\Programme\Winamp\Winampa.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
F:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\iPod\bin\iPodService.exe
F:\Programme\ICQLite\ICQLite.exe
F:\Programme\mIRC\mirc.exe
G:\Games\CS 1.6\Steam.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
F:\Programme\HijackThis.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp5AC2.tmp
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WinampAgent] "F:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft Office Startup] winssvc.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] svhosts.exe
O4 - HKLM\..\RunServices: [Microsoft Office Startup] winssvc.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] svhosts.exe
O4 - HKCU\..\Run: [Steam] "g:\games\steam.exe" -silent
O4 - HKCU\..\Run: [Compaq Service Drivers] svhosts.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] svhosts.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{89B5BD4D-3F35-4D08-904A-944BA5FB6679}: NameServer = 217.237.150.97 217.237.149.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E5E6811-B3C0-4505-B92F-174C71238B53}: NameServer = 217.237.150.97,217.237.149.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{89B5BD4D-3F35-4D08-904A-944BA5FB6679}: NameServer = 217.237.150.97 217.237.149.161
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOKUME~1\CHRIST~1\LOKALE~1\TEMP\_VWUPSRV.EXE (file missing)


AVP:

Creation date of the report file: Freitag, 24. März 2006 17:50

AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1114 of 04.11.2005
Mainprogram 6.32.00.51 of 03.11.2005
VDF file 6.33.0.118 (0) of 12.01.2006


This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.


Scanning for 279824 virus strains and unwanted programs.

Licensed for: AntiVir Personal Edition
Seri*hier nicht!* number: 0000149991-WURGE-0001

Please enter the workstation and
contact name with phone number in this form:

Name ___________________________________________

Street ___________________________________________

Town ___________________________________________

Phone/Fax ___________________________________________

Email ___________________________________________

Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 ()
Username: Christoph
Computername: CHR1S
Processor: Pentium
Working memory: 1047280 KB free

Version information:
AVWIN.DLL : 6.32.00.51 561192 04.11.2005 12:58:52
AVEWIN32.DLL : 6.33.0.77 1008128 12.01.2006 19:39:10
AVGNT.EXE : 6.32.00.02 180327 04.11.2005 12:58:52
AVGUARD.EXE : 6.32.00.12 208424 04.11.2005 12:58:52
GUARDMSG.DLL : 6.30.00.02 94248 16.03.2005 10:18:06
AVGCMSG.DLL : 6.32.00.01 295029 04.11.2005 12:58:52
AVGNTDW.SYS : 6.31.00.01 32896 04.11.2005 12:58:52
AVPACK32.DLL : 6.32.00.02 319528 04.11.2005 12:58:52
AVGETVER.DLL : 6.30.00.00 24576 16.03.2005 10:18:06
AVSHLEXT.DLL : 6.30.00.01 40960 16.03.2005 10:18:06
AVSched32.EXE : 6.32.00.01 110632 04.11.2005 12:58:52
AVSched32.DLL : 6.30.00.00 122880 16.03.2005 10:18:06
AVREG.DLL : 6.31.00.05 41000 04.11.2005 12:58:52
AVRep.DLL : 6.33.00.110 1626152 12.01.2006 19:39:14
INETUPD.EXE : 6.32.00.53 262203 04.11.2005 12:58:52
INETUPD.DLL : 6.32.00.53 143360 04.11.2005 12:58:52
CTL3D32.DLL : 2.31.000 27136 18.08.2001 13:00:00
MFC42.DLL : 6.00.8665.0 995383 18.08.2001 13:00:00
MSVCRT.DLL : 7.0.2600.0 (xpclient.010817-1148
MSVCRT.DLL : 7.0.2600.0 (xp 322560 18.08.2001 13:00:00
CTL3DV2.DLL : No information

Configuration file:

Name of configuration file: F:\Programme\AVPersonal\AVWIN.INI
Name of report file: F:\Programme\AVPersonal\LOGFILES\AVWIN.LOG
Start path: F:\Programme\AVPersonal
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM
.CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH
.JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL*
.PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP
.TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Response in case of a detection:
[ ] Repair with prompt
[X] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[ ] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[ ] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
A: Floppy drive
C: Hard disk
D: CD-ROM
E: CD-ROM
F: Hard disk
G: Hard disk
I: CD-ROM

Start of scan: Freitag, 24. März 2006 17:50

Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK
Boot record of drive F: OK
Boot record of drive G: OK


Access denied! Error during file opening!
Error code: 0x0002
C:\

WARNING! Access error/file locked!
Error! Could not change directory: Chris
C:\Dokumente und Einstellungen\Christoph\Lokale Einstellungen\Temp
~DF237.tmp
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
Error! Could not change directory: System Volume Information
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\drivers
atapi.sys
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\drivers\etc
hosts
[DETECTION] Is the Trojan horse TR/Qhost.AA
WAS DELETED!


Error! Could not change directory: System Volume Information


Error! Could not change directory: System Volume Information

End of scan: Freitag, 24. März 2006 17:57
Time taken: 06:54 min


2770 directories were scanned
70297 files were scanned
8 warning messages were issued
1 file was deleted
0 files were repaired
1 detection
This post was edited on 24.03.2006 at 18:22 by Chr1s.