ICQ virus or similar, acts on its own, Java suffers
#0
19.04.2007, 16:34
...new here
Posts: 5
19.04.2007, 17:00
Moderator
Posts: 7805
#2
Looks like a Warezov variant. Please give us the info from this thread:
http://board.protecus.de/t23188.htm
__________
Regards, Ralf
SEO-Spam Hunter
19.04.2007, 18:21
...new here
Thread starter, Posts: 5
#3
Logfile of HijackThis v1.99.1
Scan saved at 17:11:09, on 19.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
[HijackThis process list and R0/O2/O4/O8/O9/O16/O18/O20/O23 entries omitted]

I just hope that putting this document online/publicly doesn't do me any harm. The thing with Combofix didn't work! ...
[datfind.bat directory listings omitted]
Please don't judge my PC. Thanks
19.04.2007, 18:47
Moderator
Posts: 7805
#4
I hate to say it, but the machine actually looks clean...
Please also post a Combofix report and a Gmer report: http://virus-protect.org/artikel/tools/gmer.html
Oh, and: run Disk Cleanup (except "compress old files"). Additionally, clean up System Restore via "More Options". http://support.microsoft.com/default.aspx?scid=kb;de;315246
__________
Regards, Ralf
SEO-Spam Hunter
19.04.2007, 19:30
...new here
Thread starter, Posts: 5
#5
Ok raman, I'm on it.. thanks... but this thing here is definitely not clean.
Warning, do not click on it. Here is an example of what I get; people who have this virus send me this: Dani (07:26 PM) : Check this: xxtp://0x0x.lakionmertinher.com/1/2805/ Careful with it! The link looks different every time!
19.04.2007, 19:37
Moderator
Posts: 7805
19.04.2007, 19:50
...new here
Thread starter, Posts: 5
#7
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-04-19 19:49:55 Windows 5.1.2600 Service Pack 2
[GMER SSDT, user code section and device hook listings omitted]
CAUTION, I just got another message like this (DO NOT CLICK ON IT!!!) __nIcHt dIe SeLtEr__ (07:50 PM) : My party pics: xxtp://4396.lakionmertinher.com/2/4930/ (link changed for safety)
19.04.2007, 20:03
Moderator
Posts: 7805
#8
Yeah! That way round it already makes more sense. Someone is sending you these links! Then you are not infected; the person on the other side is. If you know the ICQ number, follow up with that person. Your Panda detects the version behind this link as: Panda W32/Spamta.WA.worm
and if this worm were really active on your machine, you would easily see it through many entries in the HijackThis log and datfind.bat. I'm currently testing what your Panda reports for the installed files. See also here: http://www.viruslist.com/en/viruses/encyclopedia?virusid=156498
__________
Regards, Ralf
SEO-Spam Hunter
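As an added example, not part of the thread: a small defender-side check that scans IM client log lines (the "Name (hh:mm PM) : text" shape quoted above) for the lure messages this worm sends. Because the subdomain changes with every link, as noted in post #5, it matches on the registrable domain lakionmertinher.com taken from the thread; the sample log lines are constructed from the two messages quoted above, and the function names and the lure phrase list are my own assumptions.

```python
import re
from urllib.parse import urlsplit

# Domain seen in the lure links quoted in this thread; the label in front of it
# changes from message to message, so match on the registrable domain, not the host.
LURE_DOMAINS = {"lakionmertinher.com"}

# Lure phrases quoted in the thread (assumption: the worm's messages are short and formulaic).
LURE_PHRASES = ("check this", "my party pics")

# "Name (hh:mm AM/PM) : text" -- the IM log line shape quoted in the thread.
LINE_RE = re.compile(r"^(?P<sender>.+?) \((?P<time>\d{1,2}:\d{2} [AP]M)\) : (?P<text>.*)$")
# Accept live links as well as the defanged forms used when posting (xxtp://, hxxp://).
URL_RE = re.compile(r"(?:https?|hxxps?|xxtps?)://\S+", re.IGNORECASE)


def refang(url):
    """Turn a defanged scheme (xxtp://, hxxp://) back into http(s):// so urlsplit can parse it."""
    return re.sub(r"^(?:xxtp|hxxp)(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def registrable_domain(host):
    """Last two labels of the host (simplification: ignores multi-label public suffixes)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_line(line):
    """Return (sender, verdict, reasons) for one IM log line, or None if it is not a message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    text = m.group("text")
    reasons = []
    for raw in URL_RE.findall(text):
        host = urlsplit(refang(raw)).hostname or ""
        if registrable_domain(host) in LURE_DOMAINS:
            reasons.append(f"link to blocked domain {registrable_domain(host)} (host {host})")
    # Lure wording alone is weak evidence; only flag it when a link follows it.
    if any(p in text.lower() for p in LURE_PHRASES) and URL_RE.search(text):
        reasons.append("lure phrase followed by a link")
    return m.group("sender"), ("lure" if reasons else "ok"), reasons


def scan_log(lines):
    """Scan IM log lines; return {sender: [reasons]} for every sender that sent a lure message."""
    hits = {}
    for line in lines:
        result = classify_line(line)
        if result and result[1] == "lure":
            sender, _, reasons = result
            hits.setdefault(sender, []).extend(reasons)
    return hits


# Constructed sample log: the two messages quoted in the thread (defanged as posted),
# a benign line from the same contact, and a line with a link to a non-blocked domain.
SAMPLE_LOG = [
    "Dani (07:26 PM) : Check this: xxtp://0x0x.lakionmertinher.com/1/2805/",
    "__nIcHt dIe SeLtEr__ (07:50 PM) : My party pics: xxtp://4396.lakionmertinher.com/2/4930/",
    "Dani (07:31 PM) : are you online tonight?",
    "Tom (08:02 PM) : look: http://www.gmer.net",
]

if __name__ == "__main__":
    for sender, reasons in scan_log(SAMPLE_LOG).items():
        print(sender, "->", "; ".join(reasons))
```

A contact that shows up here is the one whose machine is sending the worm's links, which is the point the moderator makes in post #8: the recipient of such a message is not necessarily infected.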
19.04.2007, 20:07
...new here
Thread starter, Posts: 5
#9
I must also be "infected", since people have had a go at me asking why I'm sending them this link!
Now I want to know how to get rid of it completely. Thanks for the LINK, it looks quite useful, but my English is very bad.
19.04.2007, 20:13
Moderator
Posts: 7805
#10
There is really nothing to see, and ICQ-wise you are offline right now anyway...
__________
Regards, Ralf
SEO-Spam Hunter
1. I barely have a clue, just for your info, please speak German, noob on the board!
2. I received a link from someone via ICQ, "Check this...LINK", and clicked on it! Since then people have been complaining to me that I'm sending them virus links! I'm not! My ICQ does it on its own (but I don't notice anything, unless someone writes to me that they received the link)! Everyone who clicks on it once has the same problem. At least 60% of the people on my list are affected. I've already scanned the PC with Spybot and Panda (updated beforehand); the virus won't go away.
3. Since it happened, everything to do with Java runs much slower! E.g. on Knuddels it takes MINUTES until a window opens! An acquaintance said it's possible that this ICQ virus runs via Java!
How do I get rid of this virus or whatever it is? Has anyone had experience with it? This virus supposedly existed once before! And now, as far as I know, this is the new "version".
Please help! Thanks in advance!
Regards, DaKnuddy