Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
ICQ Virus "Wie findest du das Bild?"

ICQ Virus "Wie findest du das Bild?"


Plagegeister aller Art und deren Bekämpfung: ICQ Virus "Wie findest du das Bild?"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.06.2010, 16:48   #1
Maverik47
 
ICQ Virus "Wie findest du das Bild?" - Standard

ICQ Virus "Wie findest du das Bild?"


Peace,
Ich Dumpfbacke lol hab mir auch das Bild gesaugt.Hier mein Report von Anti Malware: Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4199

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

15.06.2010 17:06:04
mbam-log-2010-06-15 (17-06-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135096
Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\Maverik\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Maverik\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Und hier von OTL: Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4199

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

15.06.2010 17:06:04
mbam-log-2010-06-15 (17-06-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135096
Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\Maverik\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Maverik\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Ich hoffe ihr könnt mir helfen und danke schon mal.
MfG

Alt 16.06.2010, 14:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ICQ Virus "Wie findest du das Bild?" - Standard

ICQ Virus "Wie findest du das Bild?"


Hallo und

bitte Malwarebytes aktualisieren, einen Vollscan machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 17.06.2010, 19:42   #3
Maverik47
 
ICQ Virus "Wie findest du das Bild?" - Standard

ICQ Virus "Wie findest du das Bild?"


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4209

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

17.06.2010 20:29:07
mbam-log-2010-06-17 (20-29-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 237530
Laufzeit: 28 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Documents\Downloads\Install\IDM\Patch 5.xx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
__________________
Alt 17.06.2010, 19:52   #4
Maverik47
 
ICQ Virus "Wie findest du das Bild?" - Standard

ICQ Virus "Wie findest du das Bild?"


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.06.2010 20:45:06 - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Maverik\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 443,23 Gb Total Space | 342,22 Gb Free Space | 77,21% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 363,33 Gb Free Space | 74,41% Space Free | Partition Type: NTFS
Drive E: | 168,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAVERIK-PC
Current User Name: Maverik
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D268D8B-334D-4AB0-B786-C9BDE7A83902}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F1A0364-BD66-484D-A26C-3171A5A710BB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{36C0B588-B8E8-40F2-8239-56B3BCBFA251}" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"{41331D49-1C3F-412D-851F-1E2B0105FCBB}" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"{584ABE74-67B1-4D9A-861B-EA53FA43D7E2}" = protocol=6 | dir=in | app=d:\programme\combat arms neuneu\combat arms eu\nmservice.exe | 
"{5D8E373B-C347-41D3-8559-E23C73F4727B}" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"{5F828743-15FB-446E-86AF-7F1D63A096F8}" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"{63E98CDF-E7D0-418F-8CEE-FBB378ADA429}" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"{6C6C9ADD-FCB1-464E-81B6-42CC16DB841E}" = dir=in | app=c:\program files\avg\avg9\avgam.exe | 
"{73865289-0C45-4E54-910C-889FA9C047EF}" = protocol=17 | dir=in | app=d:\programme\combat arms neuneu\combat arms eu\nmservice.exe | 
"{7E1DEE7C-9DA8-4D62-A72E-202E8A186017}" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"{91565DF0-B32D-454D-99D7-8325F0CCD869}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe | 
"{9B759CEE-9A67-4115-B410-244A9A36B1C4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{9FD82F8A-D2F1-4AAF-8991-8132D56A10AE}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe | 
"{B62B154E-7BE2-4FAA-9B5D-7249749FBF9D}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | 
"{B6A87EFE-8614-4C37-8FDF-A494F7B1F816}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | 
"{BE4EEDA3-3B88-4B04-A371-D5B865CD736F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{DE116735-C883-41DF-9113-9D50F9AC29F8}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{DE36DDC5-4B00-4F63-9D79-295BFF5FDD9B}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | 
"{E44A8802-F1C9-4E8C-81E9-EEC1A52590F3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{F39AA3C0-5D33-4324-B54F-6DC93A85A009}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{FFBC58F6-ED04-4A30-8DEF-136C5DA876EB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe | 
"TCP Query User{199C859E-9DB2-4EE4-ACC7-1BE474C93AD2}C:\users\maverik\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\maverik\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{1B530732-01C7-4FCE-AA33-1E034F15308B}D:\programme\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\programme\xfire\xfire.exe | 
"TCP Query User{B15F1218-7BC2-4E88-BF64-EDABDDF7319E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9CDEDE66-57F0-436C-96AD-9E3C13BED0A0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{ADB4226F-8EBA-4549-92EE-DD008AED9B02}C:\users\maverik\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\maverik\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{B82F8FD0-C626-4E11-994B-0EAF2B27F506}D:\programme\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\programme\xfire\xfire.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AirRivals_DE_is1" = AirRivals_DE 1.0.0.35
"AVG9Uninstall" = AVG 9.0
"Combat Arms EU" = Combat Arms EU
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Glary Utilities_is1" = Glary Utilities 2.22.0.896
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"S-Spline 2" = S-Spline 2
"Stardock MyColors" = Stardock MyColors
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"Wochenplan-Trainingssoftware 1" = Wochenplan-Trainingssoftware 1
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.06.2010 11:00:49 | Computer Name = Maverik-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Ckw.exe, Version 0.0.0.0, Zeitstempel 0x4c0fc898,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x005d0004,  Prozess-ID 0xb4c, Anwendungsstartzeit 01cb0c9b78b2916e.
 
Error - 15.06.2010 11:00:58 | Computer Name = Maverik-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Ckz.exe, Version 0.0.0.0, Zeitstempel 0x4c063e9b,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x01720004,  Prozess-ID 0x684, Anwendungsstartzeit 01cb0c9b8e4666fe.
 
Error - 15.06.2010 11:01:40 | Computer Name = Maverik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2010 11:09:06 | Computer Name = Maverik-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Cky.exe, Version 0.0.0.0, Zeitstempel 0x4c0fc898,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x01b60004,  Prozess-ID 0x944, Anwendungsstartzeit 01cb0c9c9f32be61.
 
Error - 15.06.2010 11:10:00 | Computer Name = Maverik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2010 11:59:28 | Computer Name = Maverik-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Cky.exe, Version 0.0.0.0, Zeitstempel 0x4c0fc898,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x01ad0004,  Prozess-ID 0x1284, Anwendungsstartzeit 01cb0ca3ab1a0f61.
 
Error - 16.06.2010 18:52:48 | Computer Name = Maverik-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Cky.exe, Version 0.0.0.0, Zeitstempel 0x4c0fc898,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x005c0004,  Prozess-ID 0xe68, Anwendungsstartzeit 01cb0da6916e2a94.
 
Error - 16.06.2010 18:53:34 | Computer Name = Maverik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.06.2010 08:42:46 | Computer Name = Maverik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.06.2010 14:33:00 | Computer Name = Maverik-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10.05.2010 13:36:26 | Computer Name = Maverik-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2010 21:04:12 | Computer Name = Maverik-PC | Source = Service Control Manager | ID = 7016
Description = 
 
Error - 17.05.2010 20:19:29 | Computer Name = Maverik-PC | Source = Service Control Manager | ID = 7016
Description = 
 
Error - 18.05.2010 20:04:50 | Computer Name = Maverik-PC | Source = Service Control Manager | ID = 7016
Description = 
 
Error - 30.05.2010 21:19:02 | Computer Name = Maverik-PC | Source = Service Control Manager | ID = 7016
Description = 
 
Error - 31.05.2010 20:48:54 | Computer Name = Maverik-PC | Source = Service Control Manager | ID = 7016
Description = 
 
Error - 01.06.2010 21:19:32 | Computer Name = Maverik-PC | Source = Service Control Manager | ID = 7016
Description = 
 
Error - 07.06.2010 12:41:59 | Computer Name = Maverik-PC | Source = Service Control Manager | ID = 7016
Description = 
 
Error - 09.06.2010 21:18:29 | Computer Name = Maverik-PC | Source = Service Control Manager | ID = 7016
Description = 
 
Error - 11.06.2010 01:04:52 | Computer Name = Maverik-PC | Source = Service Control Manager | ID = 7016
Description = 
 
 
< End of report >
--- --- ---
Alt 17.06.2010, 19:56   #5
Maverik47
 
ICQ Virus "Wie findest du das Bild?" - Standard

ICQ Virus "Wie findest du das Bild?"


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.06.2010 20:45:06 - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Maverik\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 443,23 Gb Total Space | 342,22 Gb Free Space | 77,21% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 363,33 Gb Free Space | 74,41% Space Free | Partition Type: NTFS
Drive E: | 168,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAVERIK-PC
Current User Name: Maverik
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Maverik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Programme\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Users\Maverik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Programme\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - D:\Programme\stard0c5\Stardock\MyColors\WBVista.exe ()
PRC - D:\Programme\stard0c5\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Maverik\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - D:\Programme\AORIG\Stardock\MyColors\wblind.dll (Stardock Corporation)
MOD - D:\Programme\AORIG\Stardock\MyColors\wbhelp.dll (Stardock.Net, Inc)
MOD - C:\Windows\System32\wbload.dll ()
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WindowBlinds) -- D:\Programme\stard0c5\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google-black.huetten-check.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google-black.huetten-check.net/"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100415
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programme\Neuer Ordner (2)\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programme\Neuer Ordner (2)\plugins [2010.06.06 01:13:23 | 000,000,000 | ---D | M]
 
[2010.04.29 19:17:32 | 000,000,000 | ---D | M] -- C:\Users\Maverik\AppData\Roaming\mozilla\Extensions
[2010.06.11 18:09:56 | 000,000,000 | ---D | M] -- C:\Users\Maverik\AppData\Roaming\mozilla\Firefox\Profiles\mpe94fp5.default\extensions
[2010.05.02 17:33:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Maverik\AppData\Roaming\mozilla\Firefox\Profiles\mpe94fp5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.03 08:50:39 | 000,000,000 | ---D | M] -- C:\Users\Maverik\AppData\Roaming\mozilla\Firefox\Profiles\mpe94fp5.default\extensions\nasanightlaunch@example.com
[2010.06.11 01:25:10 | 000,000,000 | ---D | M] -- C:\Users\Maverik\AppData\Roaming\mozilla\Firefox\Profiles\mpe94fp5.default\extensions\personas@christopher.beard
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programme\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Neuer Ordner\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDMan] D:\Programme\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Users\Maverik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = D:\Programme\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O8 - Extra context menu item: Download aller Links mit IDM - D:\Programme\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - D:\Programme\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download mit IDM - D:\Programme\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Maverik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Maverik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.11.08 18:41:45 | 002,928,591 | R--- | M] (Macromedia, Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.08 20:15:11 | 000,000,052 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7beb0a48-5369-11df-a368-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7beb0a48-5369-11df-a368-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.11.08 18:41:45 | 002,928,591 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.15 17:21:32 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Maverik\Desktop\OTL.exe
[2010.06.15 17:06:50 | 000,000,000 | ---D | C] -- C:\Users\Maverik\Desktop\Neuer Ordner (2)
[2010.06.15 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\Maverik\AppData\Roaming\Malwarebytes
[2010.06.15 16:48:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.15 16:48:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.15 16:48:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.15 16:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.15 16:41:47 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Maverik\Desktop\mbam-setup.exe
[2010.06.14 02:20:10 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.06.13 22:41:40 | 000,000,000 | ---D | C] -- C:\Users\Maverik\Desktop\Neuer Ordner
[2010.06.13 15:36:46 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.06.13 15:36:46 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.06.13 15:36:46 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.06.12 17:54:59 | 000,000,000 | ---D | C] -- C:\Users\Maverik\AppData\Roaming\Leadertech
[2010.06.12 17:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.06.12 17:48:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\logishrd
[2010.06.09 05:48:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.09 05:48:20 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.09 05:48:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.09 05:48:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.09 05:48:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.09 05:48:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.09 05:48:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.09 05:48:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.09 05:48:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.09 05:48:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.09 05:48:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.09 05:48:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.09 05:48:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.09 05:48:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.09 05:48:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.09 05:48:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.09 05:48:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.09 05:48:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.09 05:48:08 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.08 12:33:24 | 000,000,000 | ---D | C] -- C:\Users\Maverik\AppData\Roaming\skypePM
[2010.06.08 12:29:14 | 000,000,000 | ---D | C] -- C:\Users\Maverik\AppData\Roaming\Skype
[2010.06.08 12:28:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.06.08 12:28:51 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.06.08 12:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.06.06 17:38:20 | 000,000,000 | ---D | C] -- C:\Users\Maverik\Desktop\USB Stick
[2010.06.06 01:13:08 | 000,000,000 | ---D | C] -- C:\Users\Maverik\AppData\Roaming\DivX
[2010.06.06 01:12:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.05.30 15:47:37 | 000,000,000 | ---D | C] -- C:\Users\Maverik\AppData\Roaming\gtk-2.0
[2010.05.30 15:47:26 | 000,000,000 | ---D | C] -- C:\Users\Maverik\.thumbnails
[2010.05.30 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\Maverik\Documents\gegl-0.0
[2010.05.30 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\Maverik\.gimp-2.6
[2010.05.30 15:46:06 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2010.05.30 06:46:23 | 000,000,000 | ---D | C] -- C:\Programme\Shortcut
[2010.05.25 19:48:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.22 16:49:14 | 000,000,000 | ---D | C] -- C:\Users\Maverik\Desktop\amazon
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.17 20:45:57 | 001,835,008 | -HS- | M] () -- C:\Users\Maverik\NTUSER.DAT
[2010.06.17 20:39:13 | 000,070,677 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.17 20:39:13 | 000,070,677 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.17 20:39:05 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.06.17 20:39:05 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.06.17 20:39:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.17 20:38:47 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.17 20:38:47 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.17 20:38:47 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.17 20:38:47 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.17 20:38:47 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.17 20:31:26 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.17 20:31:26 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.17 20:31:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.17 20:31:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.17 20:31:17 | 3488,817,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.17 20:30:12 | 000,524,288 | -HS- | M] () -- C:\Users\Maverik\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.06.17 20:30:12 | 000,065,536 | -HS- | M] () -- C:\Users\Maverik\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.06.17 20:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.17 16:44:35 | 061,163,159 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.06.17 01:32:56 | 001,682,336 | -H-- | M] () -- C:\Users\Maverik\AppData\Local\IconCache.db
[2010.06.15 17:21:36 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Maverik\Desktop\OTL.exe
[2010.06.15 16:48:20 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.15 16:42:12 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Maverik\Desktop\mbam-setup.exe
[2010.06.15 16:20:59 | 000,000,753 | ---- | M] () -- C:\Users\Maverik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.06.13 15:49:11 | 000,013,824 | ---- | M] () -- C:\Users\Maverik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.13 06:38:43 | 000,000,680 | ---- | M] () -- C:\Users\Maverik\AppData\Local\d3d9caps.dat
[2010.06.12 17:54:53 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\Logitech-Webkamera-Software.lnk
[2010.06.10 03:20:05 | 000,253,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.08 12:33:25 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.06.06 17:35:06 | 000,021,595 | ---- | M] () -- C:\Users\Maverik\Desktop\Mediamarkt_Logo.png
[2010.05.31 16:29:18 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.05.31 16:29:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.05.31 02:40:05 | 000,003,987 | ---- | M] () -- C:\Users\Maverik\.recently-used.xbel
[2010.05.28 02:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2010.05.26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.20 15:24:26 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Wochenplan 1.lnk
 
========== Files Created - No Company Name ==========
 
[2010.06.15 16:48:20 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.15 16:20:59 | 000,000,753 | ---- | C] () -- C:\Users\Maverik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.06.15 16:20:31 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.06.12 17:54:53 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Webkamera-Software.lnk
[2010.06.08 12:33:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.06 17:35:05 | 000,021,595 | ---- | C] () -- C:\Users\Maverik\Desktop\Mediamarkt_Logo.png
[2010.05.31 02:40:05 | 000,003,987 | ---- | C] () -- C:\Users\Maverik\.recently-used.xbel
[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.05.20 15:24:26 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Wochenplan 1.lnk
[2010.05.03 02:28:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.05.02 06:11:30 | 000,000,040 | ---- | C] () -- C:\Windows\System32\Sx5363.ini
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.06.09 09:55:58 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009.04.30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.02.01 20:55:17 | 000,001,000 | ---- | C] () -- C:\Windows\registry.ini
[2008.02.01 20:55:17 | 000,000,438 | ---- | C] () -- C:\Windows\registry-oem.ini
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
--- --- ---
Alt 18.06.2010, 10:36   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ICQ Virus "Wie findest du das Bild?" - Standard

ICQ Virus "Wie findest du das Bild?"


Zitat:
D:\Documents\Downloads\Install\IDM\Patch 5.xx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Was soll das sein?
__________________
--> ICQ Virus "Wie findest du das Bild?"

Alt 21.06.2010, 03:03   #7
Maverik47
 
ICQ Virus "Wie findest du das Bild?" - Standard

ICQ Virus "Wie findest du das Bild?"


KA is das n Trojaner oder was?Wurde der jetzt gelöscht?

Alt 21.06.2010, 08:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ICQ Virus "Wie findest du das Bild?" - Standard

ICQ Virus "Wie findest du das Bild?"


Das Teil musst du heruntergeladen haben. Kannst du das zuordnen? Schau Dir den Pfad an.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.06.2010, 21:51   #9
Maverik47
 
ICQ Virus "Wie findest du das Bild?" - Standard

ICQ Virus "Wie findest du das Bild?"


Ja ich erinner mich.Kann gut sein das das n Virus is ^^ aber das hab ich schon lange und das mit dem ICQ hab ich erst seit 2 wochen.

Alt 23.06.2010, 08:46   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ICQ Virus "Wie findest du das Bild?" - Standard

ICQ Virus "Wie findest du das Bild?"


Ja und was soll das sein?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu ICQ Virus "Wie findest du das Bild?"
.dll, anti, anti-malware, appdata, bild, bösartige, dateien, explorer, handle, hoffe, icq, icq virus, local\temp, malware, malwarebytes, malwarebytes' anti-malware, microsoft, minute, report, service, software, tasks, temp, troja, trojan.fakealert, version, virus


« Virus Anti Malware Doktor, wie überprüfe ich vollständige Löschung? | C:\WINDOWS\system32\diannsvr.dll von AntiVir als BDS/Papras.HZ erkannt »


Ähnliche Themen: ICQ Virus "Wie findest du das Bild?"


  1. Problem beim Öffnen aller Programme ("Ungültiges Bild -..*.dll."st entweder..")
    Log-Analyse und Auswertung - 09.02.2015 (11)
  2. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  3. BKA - Virus neu "Mit Webcam Bild"
    Log-Analyse und Auswertung - 12.07.2013 (5)
  4. ICQ-Virus, "Sieh dir das Bild an" :D
    Antiviren-, Firewall- und andere Schutzprogramme - 10.11.2010 (1)
  5. ICQ-Virus, "Sieh dir das Bild an" :D
    Plagegeister aller Art und deren Bekämpfung - 10.11.2010 (5)
  6. Icq virus / wie findest du das bild... usw
    Plagegeister aller Art und deren Bekämpfung - 09.11.2010 (16)
  7. MSN Virus erhalten "Guck mal dieses Bild" [...] Proxy Umleitung? :x
    Log-Analyse und Auswertung - 05.09.2010 (1)
  8. ICQ spamt: "Wie findest du mein neues Foto denn so ;D "
    Plagegeister aller Art und deren Bekämpfung - 22.06.2010 (27)
  9. icq virus "wie findest du das bild"
    Plagegeister aller Art und deren Bekämpfung - 20.06.2010 (23)
  10. Icq Viru: "Wie findest du das Bild:D"
    Plagegeister aller Art und deren Bekämpfung - 20.06.2010 (6)
  11. "Wie findest du dieses Bild"
    Plagegeister aller Art und deren Bekämpfung - 15.06.2010 (1)
  12. Msn/ICQ - Virus "Wie findest du dieses Bild" (winscdvn.exe)
    Plagegeister aller Art und deren Bekämpfung - 14.06.2010 (52)
  13. Virus "Wie findest du dieses Bild" (winscdvn.exe)
    Plagegeister aller Art und deren Bekämpfung - 13.06.2010 (1)
  14. ICQ Virus: "Wie findest du mein neues Foto denn so ;D "
    Plagegeister aller Art und deren Bekämpfung - 10.06.2010 (3)
  15. ICQ: "Wie findest du mein neues Foto denn so ;D "
    Plagegeister aller Art und deren Bekämpfung - 02.06.2010 (0)
  16. ICQ spamt alle Kontakte zu... "Wie findest du mein neues Foto denn so ;D "
    Plagegeister aller Art und deren Bekämpfung - 01.06.2010 (4)
  17. Ewido findest "Spyware Minibug"
    Plagegeister aller Art und deren Bekämpfung - 14.11.2005 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema ICQ Virus "Wie findest du das Bild?" - Peace, Ich Dumpfbacke lol hab mir auch das Bild gesaugt.Hier mein Report von Anti Malware: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4199 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 - ICQ Virus "Wie findest du das Bild?"...
Archiv
Du betrachtest: ICQ Virus "Wie findest du das Bild?" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55