ICQ Virus oder ähnl., macht sich Selbstständig, Java leidet

#1 Also kurz gefasst:
1. Ich hab kaum Plan, nur zur Info, bitte Deutsch reden, Noob am Board!
2. Ich hab von jmd. per ICQ einen Link bekommen, "Check this...LINK" habe drauf geklickt! Seit dem beschweren sich Leute bei mir das ich ihnen Viren-Links schicke! Tue ich nicht! Mein ICQ macht es selbstständig (aber ich bekomme davon nichts mit, außer jemand schreibt mir das er den Link bekommt)! Jeder der einmal drauf klickt hat das gleiche Problem. Mindestens 60 % der Leute in meiner Liste sind betroffen. Habe PC schon mit Spybot und Panda (zuvor Updates gemacht) gescannt, der Virus geht nicht weg.
3. Seit dem es passiert ist, läuft alles was mit Java zu tun hat viel langsamer! z.b. bei Knuddels dauert es MINUTEN bis sich ein Fenster öffnet! Ein Bekannter meinte das die Möglichkeit besteht, das diese ICQ-Virus über Java läuft!

Wie bekomme ich diesen Virus oda was es ist wieder weg? Hat jemand Erfahrungen gemacht? Diesen Virus solls früher schonmal gegeben haben! Und jezz ist das so weit ich weiß die neue "version".

Bitte um Hilfe! Danke im Vorraus!
MfG DaKnuddy

#2 Ist wohl eine Warezov Variante. Gib uns bitte die Infos aus diesem Thread:
http://board.protecus.de/t23188.htm
__________
MfG Ralf
SEO-Spam Hunter

#3 Logfile of HijackThis v1.99.1
Scan saved at 17:11:09, on 19.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\programme\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Programme\Winamp\winamp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Games\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\programme\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

ich hoffe einfach ma darauf das dieses Dokument online/öffentlich mir keinen Schaden einbringt
Die Sache mit Combofix hat nicht gefunkzt! ...


07-04-19 17:35 17,145 nvapps.xml
07-04-16 15:11 16,832 amcompat.tlb
07-04-16 15:11 23,392 nscompat.tlb
07-04-12 16:00 1,374 wpa.dbl
07-04-11 16:49 2,272 w95inf16.dll
07-04-11 16:49 4,608 w95inf32.dll
07-04-10 13:37 122,136 FNTCACHE.DAT
07-04-09 20:44 124,688 MSWINSCK.OCX
07-04-09 20:44 18,944 wk32.dll
07-04-09 20:44 3,584 ic32.dll
07-03-25 14:16 311,604 perfh009.dat
07-03-25 14:16 39,992 perfc009.dat
07-03-25 14:16 48,156 perfc007.dat
07-03-25 14:16 316,594 perfh007.dat
07-03-25 14:16 723,744 PerfStringBackup.INI
07-01-19 13:53 51,056 sirenacm.dll
06-12-15 20:02 34,064 lhacm.acm
06-12-13 20:12 61,555 jpicpl32.cpl
06-12-13 20:12 45,163 javaw.exe
06-12-13 20:12 45,161 java.exe
06-12-13 20:09 2,951 CONFIG.NT
06-12-13 19:26 0 h323log.txt
06-09-22 05:00 102,400 tsccvid.dll
06-09-22 05:00 45,056 csvidcap.dll
06-08-25 05:47 39,672 vxblock.dll
06-08-25 05:47 514,808 px.dll


07-04-19 16:36 16,384 ~DF4117.tmp
07-04-19 16:36 16,384 ~DF4107.tmp
07-04-19 16:36 16,384 ~DF40F7.tmp
07-04-19 16:36 16,384 ~DF40E7.tmp
07-04-19 15:21 16,384 ~DF1E75.tmp
07-04-19 15:21 16,384 ~DFF79B.tmp
07-04-19 06:21 51,864 d2f8_appcompat.txt
07-04-18 18:58 16,384 ~DF9AEA.tmp
07-04-18 16:50 1,196,032 ~DFE256.tmp
07-04-18 16:50 1,196,032 ~DF96.tmp
07-04-18 16:50 16,384 ~DFE301.tmp
07-04-18 16:50 16,384 ~DF214.tmp
07-04-18 16:31 512 ~DF9DF2.tmp
07-04-18 16:31 16,384 ~DF9DE9.tmp
07-04-18 16:31 512 ~DF9DE1.tmp
07-04-18 16:31 16,384 ~DF9DD9.tmp
07-04-18 16:31 512 ~DF9DD1.tmp
07-04-18 16:31 16,384 ~DF9DC9.tmp
07-04-18 16:31 512 ~DF9DC1.tmp
07-04-18 16:31 16,384 ~DF9DB9.tmp
07-04-18 13:29 1,020 ~ROMFN_00000488
07-04-18 13:28 16,384 ~DFAE28.tmp
07-04-18 13:27 16,384 ~DFD15E.tmp
07-04-18 13:27 512 ~DFC5F9.tmp
07-04-18 13:27 16,384 ~DFC5F1.tmp
07-04-17 18:56 12,246 ICQ73.tmp
07-04-17 18:56 4,314 ICQ72.tmp
07-04-17 17:45 12,040 ICQ3D.tmp
07-04-17 17:45 4,326 ICQ3C.tmp
07-04-17 17:36 3,074 TWAIN.LOG
07-04-17 17:35 4 Twain001.Mtx
07-04-17 17:35 156 Twunk001.MTX
07-04-16 17:54 16,384 ~DFA1FB.tmp
07-04-16 17:54 16,384 ~DFA1EB.tmp
07-04-16 17:54 16,384 ~DFA1DB.tmp
07-04-16 17:54 16,384 ~DFA111.tmp
07-04-16 15:38 0 00n6B.tmp
07-04-16 14:57 16,384 ~DF683B.tmp
07-04-16 14:56 16,384 ~DF33F9.tmp
07-04-16 14:55 16,384 ~DF262D.tmp
07-04-15 13:38 0 h2y1.tmp
07-04-14 21:24 0 89610F.tmp
07-04-14 21:21 0 e4v10E.tmp
07-04-14 21:09 0 tsz109.tmp
07-04-14 20:20 16,384 ~DF4A58.tmp
07-04-14 20:19 16,384 ~DF3ADE.tmp
07-04-14 17:05 156 dw.log
07-04-14 16:52 0 phvD0.tmp
07-04-14 14:16 16,384 ~DFD61F.tmp
07-04-14 14:16 16,384 ~DFCDC5.tmp
07-04-14 13:57 16,384 ~DF3379.tmp
07-04-13 23:26 13,148 ICQ88.tmp
07-04-13 23:26 4,475 ICQ83.tmp
07-04-13 21:00 15,007 ICQ71.tmp
07-04-13 21:00 4,477 ICQ70.tmp
07-04-13 21:00 14,057 ICQ6F.tmp
07-04-13 21:00 4,411 ICQ6E.tmp
07-04-13 20:58 14,420 ICQ6D.tmp
07-04-13 20:58 4,437 ICQ6C.tmp
07-04-13 18:41 0 pab24.tmp
07-04-13 17:58 14,277 ICQ20.tmp
07-04-13 17:58 4,800 ICQ1F.tmp
07-04-13 17:18 12,845 ICQ18.tmp
07-04-13 17:18 4,478 ICQ17.tmp
07-04-13 17:18 12,152 ICQ16.tmp
07-04-13 17:18 4,276 ICQ15.tmp
07-04-13 17:17 4,646 ICQ13.tmp
07-04-13 17:17 13,365 ICQ14.tmp
07-04-13 17:07 4,423 ICQ11.tmp
07-04-13 17:07 12,073 ICQ12.tmp
07-04-13 16:48 0 py4A.tmp
07-04-13 16:47 15,332 ICQ9.tmp
07-04-13 16:47 5,162 ICQ8.tmp
07-04-13 15:04 16,384 ~DF4090.tmp
07-04-12 22:04 16,384 ~DF3958.tmp
07-04-12 22:04 16,384 ~DF2A7B.tmp
07-04-12 19:59 797,676 IMTC.xml
07-04-12 19:59 426 IMTB.xml
07-04-12 19:59 2,036 IMTA.xml
07-04-12 18:17 16,384 ~DFF345.tmp
07-04-12 18:17 16,384 ~DFEAD8.tmp
07-04-12 17:49 15,728 ICQ2.tmp
07-04-12 17:49 5,341 ICQ1.tmp
07-04-12 17:35 16,384 ~DFF53C.tmp
07-04-12 17:32 16,384 ~DF227B.tmp
07-04-12 17:31 16,384 ~DFDBBA.tmp
07-04-12 17:11 16,384 ~DFC584.tmp
07-04-12 17:11 16,384 ~DFC574.tmp
07-04-12 17:11 16,384 ~DFC4AA.tmp
07-04-12 17:11 16,384 ~DFC49A.tmp
07-04-12 17:07 16,384 ~DF868F.tmp
07-04-12 17:07 16,384 ~DF861F.tmp
07-04-12 17:07 16,384 ~DF860B.tmp
07-04-12 17:03 16,384 ~DFD13D.tmp
07-04-12 17:03 16,384 ~DFD118.tmp
07-04-12 17:03 16,384 ~DFD107.tmp
07-04-12 17:03 16,384 ~DFD0F7.tmp
07-04-12 17:03 16,384 ~DFEFEC.tmp
07-04-12 16:59 16,384 ~DF8531.tmp
07-04-12 16:59 16,384 ~DF7A7E.tmp
07-04-11 20:23 15,289 ICQC5.tmp
07-04-11 20:23 5,029 ICQC4.tmp
07-04-11 20:23 15,966 ICQC3.tmp
07-04-11 20:23 5,326 ICQC2.tmp
07-04-11 17:12 14,823 ICQ87.tmp
07-04-11 17:12 5,006 ICQ86.tmp
07-04-11 17:11 12,961 ICQ85.tmp
07-04-11 17:11 4,406 ICQ84.tmp
07-04-11 16:55 0 Twunk002.MTX
07-04-11 16:47 11,368 ICQ3B.tmp
07-04-11 16:47 4,460 ICQ3A.tmp
07-04-11 16:46 12,078 ICQ39.tmp
07-04-11 16:46 4,294 ICQ38.tmp
07-04-11 16:44 4,542 ICQ36.tmp
07-04-11 16:44 13,590 ICQ37.tmp
07-04-11 16:43 12,624 ICQ35.tmp
07-04-11 16:43 4,583 ICQ34.tmp
07-04-11 16:43 11,357 ICQ33.tmp
07-04-11 16:43 4,259 ICQ32.tmp
07-04-11 16:42 13,375 ICQ31.tmp
07-04-11 16:42 4,757 ICQ30.tmp
07-04-11 16:41 4,363 ICQ2E.tmp
07-04-11 16:41 12,274 ICQ2F.tmp
07-04-11 16:41 12,277 ICQ2D.tmp
07-04-11 16:41 4,363 ICQ2C.tmp
07-04-11 16:40 13,570 ICQ2B.tmp
07-04-11 16:40 4,904 ICQ2A.tmp
07-04-10 23:59 797,676 IMT398.xml
07-04-10 23:59 426 IMT397.xml
07-04-10 23:59 2,036 IMT396.xml
07-04-10 21:36 16,384 ~DFA29.tmp
07-04-10 21:34 16,384 ~DFB243.tmp
07-04-10 21:09 512 ~DFC7DE.tmp
07-04-10 21:09 16,384 ~DFC78D.tmp
07-04-10 21:05 512 ~DFBD1C.tmp
07-04-10 21:05 1,196,032 ~DFB7B6.tmp
07-04-10 21:04 512 ~DF9520.tmp
07-04-10 21:04 1,196,032 ~DF9502.tmp
07-04-10 20:45 1,020 ~ROMFN_00000744
07-04-10 19:13 16,384 ~DFE19.tmp
07-04-10 19:12 15,163 ICQ26.tmp
07-04-10 19:12 5,381 ICQ25.tmp
07-04-10 18:47 0 h3w1E.tmp
07-04-10 18:27 16,384 ~DF3A05.tmp
07-04-10 18:27 16,384 ~DF39E7.tmp
07-04-10 18:27 16,384 ~DF39D1.tmp
07-04-10 18:27 16,384 ~DF39B3.tmp
07-04-10 18:27 16,384 ~DFCC36.tmp
07-04-10 18:27 16,384 ~DFCC0B.tmp
07-04-10 18:27 16,384 ~DFCBDF.tmp
07-04-10 18:27 16,384 ~DFCBA9.tmp
07-04-10 18:16 16,384 ~DF7425.tmp
07-04-10 18:16 16,384 ~DF72F7.tmp
07-04-10 18:16 16,384 ~DF721F.tmp
07-04-10 18:16 16,384 ~DF6F1E.tmp
07-04-10 16:41 16,384 ~DFD639.tmp
07-04-10 16:41 16,384 ~DFC9BA.tmp
07-04-10 15:05 16,384 ~DF5E59.tmp
07-04-10 15:05 16,384 ~DF5E34.tmp
07-04-10 15:05 16,384 ~DF5E24.tmp
07-04-10 15:05 16,384 ~DF5E13.tmp
07-04-10 14:11 16,384 ~DF7E3F.tmp
07-04-10 14:11 16,384 ~DF72D5.tmp
07-04-09 20:45 16,384 ~DF5B14.tmp
07-04-09 18:48 0 abd77.tmp
07-04-09 17:01 5,508 ICQ62.tmp
07-04-09 17:01 16,011 ICQ63.tmp
07-04-09 17:01 16,018 ICQ61.tmp
07-04-09 17:01 5,507 ICQ60.tmp
07-04-09 14:13 12,818 control.xml
07-04-09 13:48 16,384 ~DF49FB.tmp
07-04-09 13:48 49,152 ~DF4A2D.tmp
07-04-09 13:39 32,768 ~DF6A30.tmp
07-04-09 13:39 81,920 ~DF6A55.tmp
07-04-09 13:30 16,384 ~DF6A38.tmp
07-04-09 13:30 16,384 ~DF6A28.tmp
07-04-09 13:30 512 ~DF6A20.tmp
07-04-09 13:30 16,384 ~DF69F5.tmp
07-04-09 13:30 512 ~DF69ED.tmp
07-04-09 13:30 16,384 ~DF69E5.tmp
07-04-09 13:30 16,384 ~DF4A03.tmp
07-04-09 13:30 16,384 ~DF49DD.tmp
07-04-09 13:30 512 ~DF49D5.tmp
07-04-09 13:30 16,384 ~DF4912.tmp
07-04-09 13:30 512 ~DF490A.tmp
07-04-09 13:30 16,384 ~DF48EC.tmp
07-04-09 13:29 16,384 ~DFF5.tmp
07-04-09 13:29 512 ~DFEAB8.tmp
07-04-09 13:29 16,384 ~DFEA9A.tmp
07-03-30 16:21 6,616 6c8d_appcompat.txt
07-03-30 16:18 16,384 ~DFC4C2.tmp
07-03-30 16:18 16,384 ~DFC4B1.tmp
07-03-30 16:18 16,384 ~DFC4A1.tmp
07-03-30 16:18 16,384 ~DFC491.tmp
07-03-30 13:50 16,384 ~DFDC86.tmp
07-03-30 13:50 16,384 ~DFDC76.tmp
07-03-30 13:50 16,384 ~DFDC66.tmp
07-03-30 13:50 16,384 ~DFDC56.tmp
07-03-30 13:50 16,384 ~DFAD2E.tmp
07-03-30 13:50 16,384 ~DFA334.tmp
07-03-30 02:01 38,692 606f_appcompat.txt
07-03-28 17:05 512 ~DFF860.tmp
07-03-28 17:05 1,196,032 ~DFF68F.tmp
07-03-28 17:05 512 ~DFDEC0.tmp
07-03-28 17:05 1,196,032 ~DFDE8D.tmp
07-03-28 16:49 512 ~DFC3C0.tmp
07-03-28 16:49 16,384 ~DFC3B8.tmp
07-03-28 16:49 512 ~DFC3B0.tmp
07-03-28 16:49 16,384 ~DFC393.tmp
07-03-28 16:49 512 ~DFC38B.tmp
07-03-28 16:49 16,384 ~DFC383.tmp
07-03-28 16:49 512 ~DFC37B.tmp
07-03-28 16:49 16,384 ~DFC373.tmp
07-03-28 16:47 16,384 ~DFC3B7.tmp
07-03-28 16:47 512 ~DFB8DB.tmp
07-03-28 16:47 16,384 ~DFB8D3.tmp
07-03-28 13:02 16,384 ~DF4BCA.tmp
07-03-28 13:02 16,384 ~DF414B.tmp
07-03-27 23:55 0 y5s89.tmp
07-03-27 20:26 35,574 TFR47.tmp
07-03-27 18:24 16,384 ~DF12B4.tmp
07-03-27 18:24 16,384 ~DFEEFD.tmp
07-03-27 15:06 0 rp740.tmp
07-03-27 12:25 0 h2r2.tmp
07-03-27 12:25 2,202 r2h1.tmp
07-03-26 00:59 0 qa419.tmp
07-03-25 00:29 0 lo022E.tmp
07-03-23 01:55 16,384 ~DFFA78.tmp
07-03-23 01:55 16,384 ~DFFA68.tmp
07-03-23 01:55 16,384 ~DFFA58.tmp
07-03-23 01:55 16,384 ~DFFA48.tmp
07-03-23 01:54 16,384 ~DFEB94.tmp
07-03-23 01:54 16,384 ~DFE3D9.tmp
07-03-21 18:00 0 im46E.tmp
07-03-20 19:24 0 by5BF.tmp
07-03-20 17:24 212 MSI6718.LOG
07-03-19 21:02 0 ~DF38.tmp
07-03-18 14:09 0 un96.tmp
07-03-17 15:14 0 b305E.tmp
07-03-17 15:00 0 tsh54.tmp
07-03-16 23:50 0 o8985.tmp
07-03-15 19:56 0 73g7.tmp
07-03-14 18:32 33,792 ~WRC0000.tmp
07-03-12 19:49 0 yrl7F.tmp
07-03-12 19:48 0 ja57C.tmp
07-03-11 12:53 0 lq441.tmp
07-03-11 12:52 0 79w40.tmp
07-03-11 04:24 0 0s31B6.tmp
07-03-08 00:08 16,384 ~DF42BE.tmp
07-03-08 00:08 16,384 ~DF42AE.tmp
07-03-08 00:08 16,384 ~DF429E.tmp
07-03-08 00:08 16,384 ~DF428E.tmp
07-03-07 15:27 16,384 ~DF6DF6.tmp
07-03-07 15:27 16,384 ~DF65AC.tmp
07-03-07 01:25 0 55qA4.tmp
07-03-06 17:50 16,384 ~DFF575.tmp
07-03-06 17:50 16,384 ~DFE6B2.tmp
07-03-04 23:08 51,864 b8b7_appcompat.txt
07-03-04 21:13 16,384 ~DF2451.tmp
07-03-04 21:13 16,384 ~DF2441.tmp
07-03-04 21:13 16,384 ~DF2431.tmp
07-03-04 21:13 16,384 ~DF2401.tmp
07-03-04 16:17 0 8xy76.tmp
07-03-04 16:17 0 0vy75.tmp
07-03-04 16:17 0 ssy74.tmp
07-03-04 16:17 0 0py73.tmp
07-03-04 16:17 0 kkx72.tmp
07-03-04 16:17 0 nax71.tmp
07-03-04 15:52 16,384 ~DF1F7E.tmp
07-03-04 15:52 16,384 ~DF13E8.tmp
07-03-04 15:32 0 oqv23.tmp
07-03-04 15:31 0 mwi22.tmp
07-03-04 15:31 0 w9220.tmp
07-03-04 15:28 0 o9f1B.tmp
07-03-02 17:41 0 z055D.tmp
07-03-02 15:30 16,384 ~DF5ACA.tmp
07-03-02 15:30 16,384 ~DF5100.tmp
07-03-01 20:59 0 69m5B.tmp
07-03-01 17:41 0 oed17.tmp
07-03-01 17:40 0 od313.tmp
07-03-01 17:38 0 qx7F.tmp
07-02-28 22:51 9,379 ICQ10B.tmp
07-02-28 22:51 3,541 ICQ10A.tmp
07-02-28 17:38 0 h1945.tmp
07-02-28 15:45 0 2zo5.tmp
07-02-26 19:02 0 9oh79.tmp
07-02-24 19:33 797,676 IMT6C.xml
07-02-24 19:33 426 IMT6B.xml
07-02-24 19:33 2,036 IMT6A.xml
07-02-24 19:08 117,248 401e.rra
07-02-24 14:35 59,964 ~e5.0001
07-02-24 14:26 59,964 ~fad052.tmp
07-02-24 12:41 16,384 ~DF42FB.tmp
07-02-24 12:41 16,384 ~DF38CD.tmp
07-02-23 16:42 16,384 ~DFFDA1.tmp
07-02-23 16:42 16,384 ~DFF431.tmp
07-02-20 19:33 0 97f62.tmp
07-02-20 19:33 0 f3c60.tmp
07-02-20 19:31 0 feo5E.tmp
07-02-20 19:31 0 h4x5C.tmp
07-02-20 19:30 0 3do5A.tmp
07-02-20 19:29 0 znu58.tmp
07-02-20 19:29 0 smn56.tmp
07-02-20 19:28 0 b1q54.tmp
07-02-20 19:27 0 9dj52.tmp
07-02-20 19:26 0 mui51.tmp
07-02-20 18:50 16,384 ~DFC9D.tmp
07-02-20 18:50 16,384 ~DFFF81.tmp
07-02-17 17:12 0 1i830.tmp
07-02-14 21:36 0 a5544.tmp
07-02-14 21:36 0 td542.tmp
07-02-14 16:17 16,384 ~DF37D4.tmp
07-02-14 16:17 16,384 ~DF37C2.tmp
07-02-14 16:17 16,384 ~DF36D0.tmp
07-02-14 16:17 16,384 ~DF36C0.tmp
07-02-14 15:55 16,384 ~DF56D7.tmp
07-02-14 15:55 16,384 ~DF4D73.tmp
07-02-11 19:34 283 wahtmltmp00.htm
07-02-10 16:42 0 pjb31.tmp
07-02-10 16:41 0 0qu2F.tmp
07-02-10 16:36 0 2qg2D.tmp
07-02-10 04:56 0 rdl2A.tmp
07-02-10 03:35 0 rht28.tmp
07-02-10 03:30 0 dhe26.tmp
07-02-10 03:20 0 dzi24.tmp
07-02-09 21:52 0 k0s22.tmp
07-02-08 23:00 0 80m10F.tmp
07-02-08 18:33 0 sbd8C.tmp
07-02-08 18:15 0 29h56.tmp
07-02-08 17:00 0 kww41.tmp
07-02-07 21:38 0 47d31.tmp
07-02-07 21:35 0 7012F.tmp
07-02-07 15:37 16,384 ~DF144D.tmp
07-02-07 15:37 16,384 ~DF143D.tmp
07-02-07 15:37 16,384 ~DF142D.tmp
07-02-07 15:36 16,384 ~DF141D.tmp
07-02-07 14:38 16,384 ~DF3953.tmp
07-02-07 14:38 16,384 ~DF2F68.tmp
07-02-06 20:22 0 6fnA5.tmp
07-02-06 16:18 0 25s10.tmp
07-02-06 16:18 0 3apF.tmp
07-02-06 16:18 0 fmmE.tmp
07-02-06 16:18 0 f7eD.tmp
07-02-06 16:18 0 6l5C.tmp
07-02-06 16:17 0 s87B.tmp
07-02-06 16:16 16,384 ~DF634C.tmp
07-02-06 16:16 16,384 ~DF5A90.tmp
07-02-05 22:53 0 el12B7.tmp
07-02-05 18:13 0 awr1D9.tmp
07-02-05 16:04 0 t1bC.tmp
07-02-05 00:41 0 wx32E2.tmp
07-02-04 22:51 10,188 ICQ2CB.tmp
07-02-04 22:51 3,874 ICQ2CA.tmp
07-02-04 22:51 13,880 ICQ2C9.tmp
07-02-04 22:51 4,832 ICQ2C8.tmp
07-02-04 22:50 11,331 ICQ2C7.tmp
07-02-04 22:50 4,235 ICQ2C6.tmp
07-02-04 22:50 12,789 ICQ2C5.tmp
07-02-04 22:50 4,352 ICQ2C4.tmp
07-02-04 22:49 6,092 ICQ2C2.tmp
07-02-04 22:49 18,300 ICQ2C3.tmp
07-02-04 22:49 5,254 ICQ2C0.tmp
07-02-04 22:49 15,512 ICQ2C1.tmp
07-02-04 21:03 0 ~DF287.tmp
07-02-04 04:11 0 288D8.tmp
07-02-03 20:11 0 05u99.tmp
07-02-03 20:11 0 him98.tmp
07-02-03 20:10 0 xrc97.tmp
07-02-03 19:02 0 ngb7E.tmp
07-02-03 17:47 636 vtihome.INI
07-02-03 16:55 0 mp737.tmp
07-02-03 16:54 0 44u35.tmp
07-02-03 16:53 0 oym2E.tmp
07-02-03 16:52 0 mq22D.tmp
07-02-03 16:52 0 kds2C.tmp
07-02-03 16:51 0 bx52B.tmp
07-02-03 16:50 0 pdo2A.tmp
07-02-03 16:37 16,384 ~DF9B2D.tmp
07-02-03 16:36 16,384 ~DF90D2.tmp
07-02-02 14:23 0 hn36C.tmp
07-02-02 00:45 0 mbc13B.tmp
07-02-02 00:39 0 d5612C.tmp
07-02-01 17:13 0 rk3AB.tmp
07-02-01 14:47 0 0r983.tmp
07-02-01 13:35 13,666 ICQ77.tmp
07-02-01 13:35 4,933 ICQ76.tmp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C08D-F03F

Verzeichnis von C:\WINDOWS\Temp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C08D-F03F

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06-11-09 15:36 5,019 swflash.inf
03-12-19 18:02 126,976 popcaploader.dll
03-12-19 16:43 241 popcaploader.inf
03-09-15 17:24 61,440 EGamesPlugin.dll
03-09-15 12:05 308 EGamesPlugin.inf
03-08-11 01:43 65 desktop.ini
02-09-29 20:11 228 webmoo.inf
7 Datei(en) 194,277 Bytes
0 Verzeichnis(se), 2,190,028,800 Bytes frei


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C08D-F03F

Verzeichnis von C:\

07-04-19 18:18 0 sys.txt
07-04-19 18:17 595 down.txt
07-04-19 18:17 117 tmp.txt
07-04-19 18:16 5,553 system.txt
07-04-19 18:15 18,889 systemtemp.txt
07-04-19 18:12 89,650 system32.txt
07-04-19 17:34 267,964,416 hiberfil.sys
07-04-19 17:34 402,653,184 pagefile.sys
07-03-26 18:05 152,072 SNPP106.RAW
07-03-06 20:32 2,844,934 buttonseigdes.bmp
07-03-06 20:31 2,844,934 hintergrundeigdes.bmp
07-03-02 17:27 347,648 Dok1.doc
07-03-02 17:22 2,846,718 zeugnislarissa.bmp
07-03-02 16:46 2,846,718 zeugnis.bmp
07-02-27 19:02 2,846,718 mysimpson4.bmp
07-02-27 19:01 2,846,718 mysimpson3.bmp
07-02-27 19:00 2,846,718 mysimpson2.bmp
07-02-27 18:59 2,846,718 mysimpson1.bmp
07-02-27 18:58 2,846,718 lovehina3.bmp
07-02-27 18:57 2,846,718 lovehina2.bmp
07-02-27 18:56 2,846,718 lovehina1.bmp
07-02-15 21:13 426,986 CCI00009.jpg
07-02-15 17:43 2,846,718 CCI00008.bmp
07-01-13 16:56 2,270,262 CCI00007.bmp
06-12-17 15:12 268 sqmdata02.sqm
06-12-17 15:12 244 sqmnoopt02.sqm
06-12-15 19:34 268 sqmdata01.sqm
06-12-15 19:34 244 sqmnoopt01.sqm
06-12-15 18:39 244 sqmnoopt00.sqm
06-12-15 18:39 268 sqmdata00.sqm
06-12-13 20:09 0 MSDOS.SYS
06-12-13 20:09 0 IO.SYS
06-12-13 20:09 0 AUTOEXEC.BAT
06-12-13 20:09 0 CONFIG.SYS
04-08-04 14:00 4,952 bootfont.bin
04-08-04 14:00 47,564 NTDETECT.COM
04-08-04 14:00 251,184 ntldr
03-08-11 01:38 211 boot.ini
38 Datei(en) 708,391,867 Bytes
0 Verzeichnis(se), 2,190,024,704 Bytes frei



bitte nicht über mein PC urteilen. Danke

#4 Ich sags ja ungern, aber der Rechner sieht eigentlich sauber aus...

Poste bitte noch ein Combofix Report und ein Gmer Report:
http://virus-protect.org/artikel/tools/gmer.html

Achso:
Nutze die Datentraegerbereinigung(ausser alte Dateien komprimieren) Zusaetzlich noch die Systemwiederherstellung uber "weitere Optionen" saeubern.
http://support.microsoft.com/default.aspx?scid=kb;de;315246
__________
MfG Ralf
SEO-Spam Hunter

#5 Ok raman bin grad dabei..danke... aber sauber is das teil hier sicher nich

Warnung nicht drauf klicken
Hier ein Beispiel, was ich so bekomme, das schicken mir leute die diesen Virus haben:

Dani (07:26 PM) :
Check this:
xxtp://0x0x.lakionmertinher.com/1/2805/


Vorsicht damit!
Der Link sieht jedes mal anders aus!

#6 Ich muss mir das mal eben anschauen,....
__________
MfG Ralf
SEO-Spam Hunter

#7 GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-04-19 19:49:55
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateThread

---- User code sections - GMER 1.0.12 ----

.text C:\Programme\Winamp\winamp.exe[3632] USER32.dll!SetScrollInfo 77D1902C 7 Bytes JMP 0250AAA2 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[3632] USER32.dll!GetScrollPos 77D1F66F 5 Bytes JMP 0250AA52 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[3632] USER32.dll!SetScrollRange 77D1F6BB 5 Bytes JMP 0250AAF8 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[3632] USER32.dll!SetScrollPos 77D1F780 5 Bytes JMP 0250AACD C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[3632] USER32.dll!GetScrollRange 77D1F7B7 5 Bytes JMP 0250AA77 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[3632] USER32.dll!ShowScrollBar 77D20142 5 Bytes JMP 0250AB26 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[3632] USER32.dll!GetScrollInfo 77D23A2F 7 Bytes JMP 0250AA2A C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[3632] USER32.dll!EnableScrollBar 77D67BAD 7 Bytes JMP 0250AA02 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes [ FF, 25, 1E, 00, 26, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] kernel32.dll!LoadResource 7C80A065 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes [ FF, 25, 1E, 00, 20, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes [ FF, 25, 1E, 00, 23, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] kernel32.dll!FindResourceW 7C80BA56 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] kernel32.dll!SizeofResource 7C80BAF1 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Programme\MSN Messenger\msnmsgr.exe
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] ADVAPI32.dll!RegQueryValueExA 77DA7883 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] USER32.dll!DispatchMessageW 77D189D9 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] USER32.dll!SetWindowLongW 77D1DEF1 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] USER32.dll!DestroyWindow 77D1E666 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] USER32.dll!DestroyWindow + 4 77D1E66A 2 Bytes [ 11, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] USER32.dll!CreateWindowExW 77D21AD5 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] WININET.dll!GetUrlCacheEntryInfoExW 771883C4 6 Bytes [ FF, 25, 1E, 00, 35, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] WININET.dll!HttpOpenRequestA 77194AC5 6 Bytes [ FF, 25, 1E, 00, 29, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] WININET.dll!InternetCloseHandle 771961DC 6 Bytes [ FF, 25, 1E, 00, 32, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] WININET.dll!HttpQueryInfoA 77198C6A 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ]
.text C:\Programme\MSN Messenger\msnmsgr.exe[4004] WININET.dll!InternetReadFile 77199555 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ]

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F9D73810] ShldDrv.SYS
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F9D73BD8] ShldDrv.SYS

---- EOF - GMER 1.0.12 ----

VORISCHT
HIer bekome schon wieder so eine Nachricht (NICHT DRAUF KLICKEN!!!)
__nIcHt dIe SeLtEr__ (07:50 PM) :
My party pics:
xxtp://4396.lakionmertinher.com/2/4930/

(link aus sicherheit geändert)

#8 Jaha! sorum ist das ja auch schon stimmiger. Dir schickt jemand diese Links! Dann bist du ja nicht infiziert, sondern die Person auf der anderen Seite. Wenn du die ICQ Nummer kennst, hake bei der Person mal nach. Dein Panda erkennt die Version, die sich hinter diesen Link befindet als: Panda W32/Spamta.WA.worm

und wenn dieser Wurm wirklich bei dir aktiv ist, sieht man das recht leicht durch viele Eintraege in Hijackthis log und datfindbat. Ich teste gerade was dein Panda von den installierten Dateien meldet.

Siehe auch hier: http://www.viruslist.com/en/viruses/encyclopedia?virusid=156498
__________
MfG Ralf
SEO-Spam Hunter

#9 Ich muss auch "infiziert" sein, da mich Leute angemcht haben wieso ich ihnen diesen Link schicke!

Jezz will ich wissen wie ich den vollständig weg bekomme. Danke für den LINK sieht ganz nützlich aus, aber mein Englisch ist sehr schlecht.

#10 Da ist wirklich nichts zu sehen und du bist ja icqmaessig auch gerade offline...
__________
MfG Ralf
SEO-Spam Hunter