
Topic: Virus/Malware "VX2" has embedded itself!

  1. #1
    Beginner, registered since 11.04.2005, 6 posts

    Virus/Malware "VX2" has embedded itself!

    Hello,

    Since yesterday I have had a big problem with the malware "VX2"! Ad-aware finds it on every run, I can't remove it with the VX2Cleaner add-on, and manual removal doesn't work either. Here are some log files:

    HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:55:25, on 11.02.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\taskswitch.exe
    F:\Internet\Java\jre1.5.0_06\bin\jusched.exe
    F:\System\Microsoft AntiSpyware\gcasServ.exe
    C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programme\OpenOffice.org 2.0\program\soffice.exe
    C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
    F:\System\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Programme\AntiVir PersonalEdition Classic\sched.exe
    C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\devldr32.exe
    F:\Multimedia\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    F:\INTERNET\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\explorer.exe
    D:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Internet\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Multimedia\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [gcasServ] "F:\System\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WallPaper] F:\MULTIM~1\WALLPA~1\WALLPA~1.EXE /h
    O4 - Startup: Miranda IM.lnk = F:\Internet\Miranda IM\miranda32.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Multimedia\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Alles mit FlashGet laden - F:\Internet\FlashGet\jc_all.htm
    O8 - Extra context menu item: Mit FlashGet laden - F:\Internet\FlashGet\jc_link.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1137162914656
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3E776365-E543-4773-A79A-2FA541C7B37F}: NameServer = 192.168.0.254
    O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\gp6ol3j31.dll
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Multimedia\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    Ad-aware:


    Ad-Aware SE Build 1.06r1
    Logfile Created on:Samstag, 11. Februar 2006 13:55:53
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R91 08.02.2006
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    VX2(TAC index:10):1 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Search for low-risk Thread
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    11.02.2006 13:55:53 - Scan started. (Smart mode)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 776
    ThreadCreationTime : 11.02.2006 12:12:47
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 876
    ThreadCreationTime : 11.02.2006 12:12:50
    BasePriority : High


    VX2 Object Recognized!
    Type : Process
    Data : gp6ol3j31.dll
    TAC Rating : 10
    Category : Malware
    Comment : uneg.dll
    Object : C:\WINDOWS\system32\


    Warning! VX2 Object found in memory(C:\WINDOWS\system32\gp6ol3j31.dll)


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 924
    ThreadCreationTime : 11.02.2006 12:12:50
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Betriebssystem Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Anwendung für Dienste und Controller
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
    OriginalFilename : services.exe

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 936
    ThreadCreationTime : 11.02.2006 12:12:50
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:5 [ati2evxx.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1084
    ThreadCreationTime : 11.02.2006 12:12:50
    BasePriority : Normal
    FileVersion : 6.14.10.4124
    ProductVersion : 6.14.10.4124.01
    ProductName : ATI External Event Utility for WindowsNT and Windows9X
    CompanyName : ATI Technologies Inc.
    FileDescription : ATI External Event Utility EXE Module
    InternalName : ATI2EVXX.EXE
    LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
    OriginalFilename : ATI2EVXX.EXE

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1096
    ThreadCreationTime : 11.02.2006 12:12:50
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1300
    ThreadCreationTime : 11.02.2006 12:12:51
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1704
    ThreadCreationTime : 11.02.2006 12:12:51
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:9 [soundman.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 296
    ThreadCreationTime : 11.02.2006 12:12:56
    BasePriority : Normal
    FileVersion : 5.1.0.28
    ProductVersion : 5.1.0.28
    ProductName : Realtek Sound Manager
    CompanyName : Realtek Semiconductor Corp.
    FileDescription : Realtek Sound Manager
    InternalName : ALSMTray
    LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
    OriginalFilename : ALSMTray.exe
    Comments : Realtek AC97 Audio Sound Manager

    #:10 [taskswitch.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 320
    ThreadCreationTime : 11.02.2006 12:12:56
    BasePriority : Normal


    #:11 [jusched.exe]
    FilePath : F:\Internet\Java\jre1.5.0_06\bin\
    ProcessID : 336
    ThreadCreationTime : 11.02.2006 12:12:56
    BasePriority : Normal


    #:12 [gcasserv.exe]
    FilePath : F:\System\Microsoft AntiSpyware\
    ProcessID : 288
    ThreadCreationTime : 11.02.2006 12:12:56
    BasePriority : Idle
    FileVersion : 1.00.0701
    ProductVersion : 1.00.0701
    ProductName : Microsoft AntiSpyware (Beta 1)
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft AntiSpyware Service
    InternalName : gcasServ
    LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
    LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
    OriginalFilename : gcasServ.exe

    #:13 [avgnt.exe]
    FilePath : C:\Programme\AntiVir PersonalEdition Classic\
    ProcessID : 400
    ThreadCreationTime : 11.02.2006 12:12:56
    BasePriority : Normal


    #:14 [soffice.exe]
    FilePath : C:\Programme\OpenOffice.org 2.0\program\
    ProcessID : 484
    ThreadCreationTime : 11.02.2006 12:12:57
    BasePriority : Normal
    FileVersion : 1.09.8985
    ProductVersion : 1.09.8985
    CompanyName : OpenOffice.org
    FileDescription : OpenOffice.org 2.0
    InternalName : SOFFICE
    LegalCopyright : Copyright © 2005 by Sun Microsystems, Inc.
    OriginalFilename : SOFFICE.EXE

    #:15 [soffice.bin]
    FilePath : C:\Programme\OpenOffice.org 2.0\program\
    ProcessID : 492
    ThreadCreationTime : 11.02.2006 12:12:57
    BasePriority : Normal
    FileVersion : 1.09.8985
    ProductVersion : 1.09.8985
    CompanyName : OpenOffice.org
    FileDescription : OpenOffice.org 2.0
    InternalName : SOFFICE
    LegalCopyright : Copyright © 2005 by Sun Microsystems, Inc.
    OriginalFilename : SOFFICE.EXE

    #:16 [gcasdtserv.exe]
    FilePath : F:\System\Microsoft AntiSpyware\
    ProcessID : 524
    ThreadCreationTime : 11.02.2006 12:12:57
    BasePriority : Normal
    FileVersion : 1.00.0701
    ProductVersion : 1.00.0701
    ProductName : Microsoft AntiSpyware (Beta 1)
    CompanyName : Microsoft Corporation
    FileDescription : Microsoft AntiSpyware Data Service
    InternalName : gcasDtServ
    LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
    LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
    OriginalFilename : gcasDtServ.exe

    #:17 [sched.exe]
    FilePath : C:\Programme\AntiVir PersonalEdition Classic\
    ProcessID : 628
    ThreadCreationTime : 11.02.2006 12:13:00
    BasePriority : Normal
    FileVersion : 7.00.00.04
    ProductVersion : 7.00.00.04
    ProductName : AntiVir Scheduler
    CompanyName : H+BEDV Datentechnik GmbH
    FileDescription : AntiVir Scheduler
    InternalName : avschd
    LegalCopyright : Copyright © 1998 - 2005 by H+BEDV Datentechnik GmbH, Germany
    LegalTrademarks : AntiVir® is a registered trademark of H+BEDV Datentechnik GmbH, Germany
    OriginalFilename : sched.exe

    #:18 [avguard.exe]
    FilePath : C:\Programme\AntiVir PersonalEdition Classic\
    ProcessID : 640
    ThreadCreationTime : 11.02.2006 12:13:00
    BasePriority : Normal


    #:19 [devldr32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1140
    ThreadCreationTime : 11.02.2006 12:13:00
    BasePriority : Normal
    FileVersion : 1, 0, 0, 17
    ProductVersion : 1, 0, 0, 17
    ProductName : Creative Ring3 NT Inteface
    CompanyName : Creative Technology Ltd.
    FileDescription : DevLdr32
    InternalName : DevLdr
    LegalCopyright : Copyright (C) Creative Technology Ltd. 1998-2001
    OriginalFilename : DevLdr32.exe

    #:20 [starwindservice.exe]
    FilePath : F:\Multimedia\Alcohol Soft\Alcohol 120\StarWind\
    ProcessID : 1216
    ThreadCreationTime : 11.02.2006 12:13:01
    BasePriority : Normal
    FileVersion : 2.6.1 Build 0x20050401
    ProductVersion : 2.6.1 Build 0x20050401
    ProductName : StarWind
    CompanyName : Rocket Division Software
    FileDescription : StarWind iSCSI Target (Alcohol Edition)
    InternalName : StarWind
    LegalCopyright : Copyright (c) Rocket Division Software 2003-2005. All rights reserved.
    OriginalFilename : StarWind

    #:21 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1244
    ThreadCreationTime : 11.02.2006 12:13:04
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:22 [firefox.exe]
    FilePath : F:\INTERNET\MOZILL~1\
    ProcessID : 3492
    ThreadCreationTime : 11.02.2006 12:16:01
    BasePriority : Normal


    #:23 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1128
    ThreadCreationTime : 11.02.2006 12:47:47
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Betriebssystem Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
    OriginalFilename : EXPLORER.EXE

    #:24 [ad-aware.exe]
    FilePath : F:\Sicherheit\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 3888
    ThreadCreationTime : 11.02.2006 12:55:49
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1



    Deep scanning and examining files...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\WINDOWS
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Disk Scan Result for C:\WINDOWS\system32
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Disk Scan Result for C:\DOKUME~1\DeeJay\LOKALE~1\Temp\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1


    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    32 entries scanned.
    New critical objects:0
    Objects found so far: 1




    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    13:56:03 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:00:09.812
    Objects scanned:73075
    Objects identified:0
    Objects ignored:0
    New critical objects:0

    I'm really at a loss! What can I do to get VX2 removed?

  2. #2
    Experienced user, registered since 17.06.2005, location Weilmünster, 214 posts

    Re: Virus/Malware "VX2" has embedded itself!

    Please do the following:
    • download the current version of ClearProg
    • install it
    • start it
    • edit the settings
    • IE
      • cookies
      • temp.
      • history
    • Windows
      • recycle bin
      • Windows temp
      • system temp
    • own folders
      • C:\Temp
      • C:\Dokumente und Einstellungen\*profil*\Lokale Einstellungen\Temporary Internet Files
      • C:\Dokumente und Einstellungen\*profil*\Lokale Einstellungen\Temp
      • C:\Windows\Prefetch
    • choose delete


    Download datfindbat, run it according to its instructions and post the contents of the log files it creates (there will be 4 of them; for c:\windows\system32 only the last 30 days should be posted).
    Then

    Create a new folder --> c:\look2mefix
    Download l2mfix.exe (Look2Me-Fix) into this folder.
    Unpack the program in this folder.
    From the new folder c:\look2mefix\l2mfix\ select the file l2mfix.bat (or "MS-DOS batch file") and open it with a double-click.
    A DOS window opens; wait until nothing changes any more and then press any key.
    The selection menu now opens; please press 1, the system is scanned and a log file is created; please post it. (Caution: do not use any file from the folder c:\look2mefix unless asked to.)
    Start the program again, close all other programs and now choose 2; the computer will be cleaned of this malware and restarted (which is why all programs should be closed).
    Post this log file.
    Now start the program for the last time, choose 4, and post this log file as well.
    Anyone who reaches all their goals has probably set them too low!
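As an added illustration of the triage the instructions above are aiming at (example code written for this page, not part of the poster's instructions or of the datfindbat/l2mfix tools): it parses HijackThis O20 Winlogon Notify lines and a datfindbat-style system32 listing, keeps only files from the last 30 days as the poster requests, and flags a Notify DLL that is both freshly written and randomly named, which is the pattern visible in this thread's logs. The sample inputs are constructed from lines in the posted logs; the random-name heuristic is my assumption, not a vendor signature.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a few lines in the style of the HijackThis log posted
# in this thread (only the entries needed to show the Winlogon Notify hook).
HJT_SAMPLE = """\
O4 - HKLM\\..\\Run: [avgnt] "C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O20 - Winlogon Notify: Hints - C:\\WINDOWS\\system32\\gp6ol3j31.dll
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
"""

# Constructed sample in datfindbat's format (a German-locale "dir" listing:
# dd.mm.yyyy hh:mm, size with "." as thousands separator, then the name).
DATFIND_SAMPLE = """\
 Verzeichnis von C:\\WINDOWS\\system32

11.02.2006 13:09 236.040 p2r40c9qef.dll
11.02.2006 13:06 236.371 gp6ol3j31.dll
11.02.2006 12:18 13.646 wpa.dbl
19.01.2006 14:09 219.648 uxtheme.dll
12.12.2005 04:33 393.216 ati2evxx.exe
"""

# Scan time taken from the HijackThis header posted in this thread.
SCAN_DATE = datetime(2006, 2, 11, 13, 55)

HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
NOTIFY_LINE = re.compile(r"^Winlogon Notify:\s*(\S+)\s+-\s+(.+)$")
DIR_LINE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2})\s+([\d.]+)\s+(.+)$")
# Heuristic (my assumption, not a vendor signature): an 8-12 character stem of
# lowercase letters and digits with at least two digits, e.g. gp6ol3j31.
RANDOM_STEM = re.compile(r"^(?=.*\d.*\d)(?=.*[a-z])[a-z0-9]{8,12}$")


def winlogon_notify_dlls(hjt_text):
    """Map Winlogon\\Notify subkey name -> DLL path for every O20 line.

    A DLL registered here is loaded by winlogon.exe at logon, which is why
    ordinary user-mode removal tools cannot delete it while it is in use.
    """
    found = {}
    for line in hjt_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m or m.group(1) != "O20":
            continue
        n = NOTIFY_LINE.match(m.group(2))
        if n:
            found[n.group(1)] = n.group(2).strip()
    return found


def recent_files(listing_text, scan_date, days=30):
    """Parse a datfindbat listing and keep files modified within `days` of scan_date."""
    cutoff = scan_date - timedelta(days=days)
    entries = []
    for line in listing_text.splitlines():
        m = DIR_LINE.match(line.strip())
        if not m:
            continue  # header, blank and summary lines carry no file entry
        mtime = datetime.strptime(m.group(1) + " " + m.group(2), "%d.%m.%Y %H:%M")
        size = int(m.group(3).replace(".", ""))
        name = m.group(4).strip()
        if mtime >= cutoff:
            entries.append({"mtime": mtime, "size": size, "name": name})
    return entries


def looks_random(filename):
    """True for a .dll whose stem matches the random-name heuristic above."""
    stem, _, ext = filename.lower().rpartition(".")
    return ext == "dll" and RANDOM_STEM.match(stem) is not None


def triage(hjt_text, listing_text, scan_date, days=30):
    """Cross-reference both logs.

    Returns (findings, siblings): findings are Notify DLLs that are freshly
    written and/or randomly named; siblings are other recent random-named DLLs
    in the listing, which this family drops alongside the registered one.
    """
    notify = winlogon_notify_dlls(hjt_text)
    recent = recent_files(listing_text, scan_date, days)
    recent_names = {e["name"].lower() for e in recent}
    findings = []
    for subkey, path in notify.items():
        fname = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if fname in recent_names:
            reasons.append("written within last %d days" % days)
        if looks_random(fname):
            reasons.append("random-looking name")
        if reasons:
            findings.append({"subkey": subkey, "dll": path, "reasons": reasons})
    flagged = {f["dll"].rsplit("\\", 1)[-1].lower() for f in findings}
    siblings = [e["name"] for e in recent
                if looks_random(e["name"]) and e["name"].lower() not in flagged]
    return findings, siblings


def run_sample():
    """Run the triage over the constructed samples above."""
    return triage(HJT_SAMPLE, DATFIND_SAMPLE, SCAN_DATE)


if __name__ == "__main__":
    found, extra = run_sample()
    for f in found:
        print("Notify\\%s -> %s: %s" % (f["subkey"], f["dll"], ", ".join(f["reasons"])))
    print("other recent random-named DLLs:", extra)
```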

  3. #3
    Beginner, registered since 11.04.2005, 6 posts

    Re: Virus/Malware "VX2" has embedded itself!

    datfindbat Log 1

    Datenträger in Laufwerk C: ist System
    Volumeseriennummer: F888-AD85

    Verzeichnis von C:\WINDOWS\system32

    11.02.2006 13:09 236.040 p2r40c9qef.dll
    11.02.2006 13:06 236.371 gp6ol3j31.dll
    11.02.2006 12:18 13.646 wpa.dbl
    10.02.2006 16:47 111.784 FNTCACHE.DAT
    19.01.2006 14:17 2.173.952 osxboot.exe
    19.01.2006 14:09 219.648 uxtheme.dll
    18.01.2006 13:05 57.344 avsda.dll
    15.01.2006 16:13 6.941 jupdate-1.5.0_06-b05.log
    14.01.2006 13:45 311.604 perfh009.dat
    14.01.2006 13:45 316.594 perfh007.dat
    14.01.2006 13:45 48.156 perfc007.dat
    14.01.2006 13:45 39.992 perfc009.dat
    14.01.2006 13:45 723.744 PerfStringBackup.INI
    14.01.2006 13:40 255 spupdwxp.log
    13.01.2006 15:34 13.646 wpa.bak
    12.01.2006 18:09 34.308 BASSMOD.dll
    10.01.2006 19:26 25.065 wmpscheme.xml
    10.01.2006 19:24 261 $winnt$.inf
    10.01.2006 19:23 2.951 CONFIG.NT
    10.01.2006 19:23 16.832 amcompat.tlb
    10.01.2006 19:23 23.392 nscompat.tlb
    10.01.2006 19:22 488 WindowsLogon.manifest
    10.01.2006 19:22 488 logonui.exe.manifest
    10.01.2006 19:22 749 ncpa.cpl.manifest
    10.01.2006 19:22 749 wuaucpl.cpl.manifest
    10.01.2006 19:22 749 nwc.cpl.manifest
    10.01.2006 19:22 749 sapi.cpl.manifest
    10.01.2006 19:22 749 cdplayer.exe.manifest
    10.01.2006 19:20 21.740 emptyregdb.dat
    10.01.2006 19:18 0 h323log.txt
    12.12.2005 07:44 307.200 atiiiexx.dll
    12.12.2005 07:01 258.048 ATIDEMGR.dll
    12.12.2005 06:09 6.684.672 atioglx1.dll
    12.12.2005 04:57 4.968.448 atioglxx.dll
    12.12.2005 04:41 252.928 ati2dvag.dll
    12.12.2005 04:35 110.592 atipdlxx.dll
    12.12.2005 04:35 77.824 Oemdspif.dll
    12.12.2005 04:35 26.112 Ati2mdxx.exe
    12.12.2005 04:35 40.960 ati2edxx.dll
    12.12.2005 04:34 47.104 ati2evxx.dll
    12.12.2005 04:33 393.216 ati2evxx.exe
    12.12.2005 04:33 53.248 ATIDDC.DLL
    12.12.2005 04:25 2.518.016 ati3duag.dll
    12.12.2005 04:18 862.464 ativvaxx.dll
    12.12.2005 04:04 151.552 atikvmag.dll
    12.12.2005 03:39 17.408 atitvo32.dll
    12.12.2005 03:33 237.568 ati2cqag.dll
    11.12.2005 21:05 520.192 ati2sgag.exe
    08.12.2005 23:01 112.421 atiicdxx.dat
    28.11.2005 16:43 6.024 atifglpf.xml
    15.11.2005 12:12 117.976 hashlib.dll
    15.11.2005 12:12 126.680 GCCollection.dll
    15.11.2005 12:12 95.448 gcUnCompress.dll
    10.11.2005 13:03 262.246 javaws.exe
    10.11.2005 13:03 188.529 jpicpl32.cpl
    10.11.2005 11:27 49.250 javaw.exe
    10.11.2005 11:27 49.248 java.exe

    datfindbat Log 2

    Datenträger in Laufwerk C: ist System
    Volumeseriennummer: F888-AD85

    Verzeichnis von C:\DOKUME~1\DeeJay\LOKALE~1\Temp

    11.02.2006 14:16 32.768 ~DFD2C0.tmp
    11.02.2006 14:05 16.384 Perflib_Perfdata_848.dat
    11.02.2006 13:57 16.384 ~DFDA75.tmp
    11.02.2006 13:12 32.768 ~DFC742.tmp
    11.02.2006 13:12 32.768 ~DFAB3A.tmp
    5 Datei(en) 131.072 Bytes
    0 Verzeichnis(se), 1.953.513.472 Bytes frei

    datfindbat Log 3

    Datenträger in Laufwerk C: ist System
    Volumeseriennummer: F888-AD85

    Verzeichnis von C:\WINDOWS

    11.02.2006 13:29 690.638 setupapi.log
    11.02.2006 13:13 393.450 WindowsUpdate.log
    11.02.2006 13:13 0 0.log
    11.02.2006 13:13 159 wiadebug.log
    11.02.2006 13:13 50 wiaservc.log
    11.02.2006 13:12 2.048 bootstat.dat
    11.02.2006 13:11 1.037.332 ntbtlog.txt
    11.02.2006 12:59 4.450 SchedLgU.Txt
    11.02.2006 00:23 508 win.ini
    11.02.2006 00:23 227 system.ini
    11.02.2006 00:23 116 NeroDigital.ini
    10.02.2006 17:15 129 winamp.ini
    10.02.2006 16:33 0 winsysupd71.dat
    10.02.2006 16:33 24.576 gimmygames.exe
    10.02.2006 16:33 0 myupdates1.dat
    10.02.2006 16:33 40 teller2.chk
    10.02.2006 16:33 43 drsmartload2.dat
    10.02.2006 16:33 69.632 winsysban7.exe
    10.02.2006 16:33 0 gimmygames1.dat
    10.02.2006 16:32 20.480 winsysupd7.exe
    09.02.2006 09:41 189.785 setupact.log
    04.02.2006 19:07 3.643 wmsetup.log
    27.01.2006 16:27 1.772 CDPLAYER.INI
    19.01.2006 14:17 11.753 RestoreFlyakiteOSX.txt
    19.01.2006 09:08 5.378 KB896424.log
    19.01.2006 03:03 5.582 KB901017.log
    19.01.2006 02:35 5.671 KB896422.log
    18.01.2006 20:57 5.771 KB899587.log
    18.01.2006 18:36 5.471 KB899591.log
    18.01.2006 18:17 4.993 KB900725.log
    18.01.2006 18:15 5.131 KB885835.log
    18.01.2006 18:14 5.273 KB893756.log
    18.01.2006 18:05 5.278 KB890046.log
    18.01.2006 18:04 5.181 KB893066.log
    18.01.2006 18:04 4.562 KB873333.log
    18.01.2006 18:02 5.079 KB901214.log
    18.01.2006 15:04 5.408 KB896358.log
    18.01.2006 14:42 3.737 KB890859.log
    18.01.2006 11:20 5.345 KB885836.log
    18.01.2006 04:52 5.249 KB891781.log
    17.01.2006 23:37 5.145 KB888113.log
    17.01.2006 21:45 5.537 KB888302.log
    17.01.2006 05:17 5.047 KB873339.log
    16.01.2006 04:25 4.774 KB904706.log
    15.01.2006 22:31 3.885 KB908519.log
    15.01.2006 18:39 4.181 KB912919.log
    15.01.2006 16:04 0 mozver.dat
    15.01.2006 10:10 4.081 KB905749.log
    15.01.2006 08:26 4.674 KB905414.log
    14.01.2006 20:26 3.979 KB896428.log
    14.01.2006 13:41 3.297 KB896423.log
    14.01.2006 13:41 28.991 spupdsvc.log
    14.01.2006 13:41 1.174 OEWABLog.txt
    14.01.2006 13:41 360 DtcInstall.log
    14.01.2006 13:40 316.640 WMSysPr9.prx
    14.01.2006 13:40 833.233 setuplog.txt
    14.01.2006 13:40 5.715 iis6.log
    14.01.2006 13:40 27.911 comsetup.log
    14.01.2006 13:40 16.070 ntdtcsetup.log
    14.01.2006 13:40 24.074 tsoc.log
    14.01.2006 13:40 4.696 imsins.log
    14.01.2006 13:40 2.928 ocmsn.log
    14.01.2006 13:40 41.920 ocgen.log
    14.01.2006 13:40 2.962 msgsocm.log
    14.01.2006 13:40 47.299 FaxSetup.log
    14.01.2006 13:38 411.506 svcpack.log
    14.01.2006 13:38 1.374 imsins.BAK
    14.01.2006 13:35 200 cmsetacl.log
    14.01.2006 13:35 299.552 WMSysPrx.prx
    14.01.2006 13:35 1.330 sessmgr.setup.log
    14.01.2006 13:28 597 medctroc.Log
    13.01.2006 15:41 8.043 KB898461.log
    13.01.2006 15:41 7.337 KB893803v2.log
    13.01.2006 15:41 5.853 KB842773.log
    11.01.2006 18:15 76.974 DirectX.log
    10.01.2006 19:36 0 nsreg.dat
    10.01.2006 19:29 573 xpsp1hfm.log
    10.01.2006 19:29 200 q329256.log
    10.01.2006 19:25 8.192 REGLOCS.OLD
    10.01.2006 19:23 0 control.ini
    10.01.2006 19:22 4.161 ODBCINST.INI
    10.01.2006 19:22 280 Windows Update.log
    10.01.2006 19:22 749 WindowsShell.Manifest
    10.01.2006 19:20 37 vbaddin.ini
    10.01.2006 19:20 36 vb.ini
    10.01.2006 19:17 0 Sti_Trace.log
    10.01.2006 19:15 1.348 regopt.log
    10.01.2006 19:14 0 setuperr.log
    03.01.2006 17:45 1.989 uninstall_nmon.vbs

    datfindbat Log 4

    Datenträger in Laufwerk C: ist System
    Volumeseriennummer: F888-AD85

    Verzeichnis von C:\

    11.02.2006 16:26 0 sys.txt
    11.02.2006 16:26 6.511 system.txt
    11.02.2006 16:24 495 systemtemp.txt
    11.02.2006 16:24 101.217 system32.txt
    11.02.2006 13:47 71 vx2logs.txt
    11.02.2006 00:23 231 boot.ini
    25.01.2006 17:06 1.753 WhoRead149456934.txt
    14.01.2006 13:30 47.564 NTDETECT.COM
    14.01.2006 13:30 251.184 ntldr
    10.01.2006 19:23 0 IO.SYS
    10.01.2006 19:23 0 CONFIG.SYS
    10.01.2006 19:23 0 AUTOEXEC.BAT
    10.01.2006 19:23 0 MSDOS.SYS
    18.08.2001 13:00 4.952 bootfont.bin
    14 Datei(en) 413.978 Bytes
    0 Verzeichnis(se), 1.953.382.400 Bytes frei

    look2mefix Log 1

    L2MFIX find log 1.03
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\gp6ol3j31.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{9C749E57-8EC5-E2A0-1A76-A45A70F7BE63}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Eigenschaften für Multimediadatei"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite für Dokumente"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Grafikkarten"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Bildschirme"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Anzeigeverschiebung"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitätsseite"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung für Datenträgerkopien"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen für Microsoft Windows-Netzwerkobjekte"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen für die Dateikomprimierung"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung für Webdrucker"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmenü für die Verschlüsselung"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung f?r HyperTerminal-Icons"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen für Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknüpfung"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmenü"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausführen..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begrüßungsbildschirm"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzügen über das Internet"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknüpfung"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
    @=""
    "{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}"="PhotoToys"
    "{72013A26-A94C-11d6-8540-A5E62932711D}"="shlext (1.0.6.6) - context menu support for Miranda v0.3.0.0+"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"="OpenOffice.org Column Handler"
    "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}"="OpenOffice.org Infotip Handler"
    "{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice.org Property Sheet Handler"
    "{3B092F0C-7696-40E3-A80F-68D74DA84210}"="OpenOffice.org Thumbnail Viewer"
    "{5534ABCA-1C54-4CFB-B06A-1563F08BA17E}"=""
    "{E8A1C0C3-DB6E-44CB-9AA8-D20082CB5312}"=""
    "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"
    "{B4FE295A-E2A3-475D-9D1F-87B3C017E112}"=""
    "{AE859314-3A80-4CF6-A533-26A4449AB818}"=""
    "{0DD59171-90DA-4793-9C25-8427C93F650D}"=""
    "{3EF3EE18-0FDE-4AED-AC4F-8AEBD8CE0E80}"=""
    "{F1CB332B-F400-4931-8979-54CDA0617CAD}"=""
    "{57CD588E-8D70-4419-869A-7870753321A7}"=""
    "{D9D4742D-030A-488D-A849-9988642CD5FE}"=""
    "{88065F8A-9EC1-4B6A-A667-E6E2D1069D5D}"=""
    "{2C599C11-6483-4FEC-A3A9-AF4EBF811BB5}"=""
    "{85473FBA-95EE-4DB1-ACCC-7E0BF53D3796}"=""
    "{3DEB0F3D-4CEC-4FE5-80F7-FE1EA84D4E4F}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{5534ABCA-1C54-4CFB-B06A-1563F08BA17E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5534ABCA-1C54-4CFB-B06A-1563F08BA17E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5534ABCA-1C54-4CFB-B06A-1563F08BA17E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5534ABCA-1C54-4CFB-B06A-1563F08BA17E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mtvcr80.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{AE859314-3A80-4CF6-A533-26A4449AB818}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AE859314-3A80-4CF6-A533-26A4449AB818}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AE859314-3A80-4CF6-A533-26A4449AB818}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AE859314-3A80-4CF6-A533-26A4449AB818}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wjvdmoe.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{0DD59171-90DA-4793-9C25-8427C93F650D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0DD59171-90DA-4793-9C25-8427C93F650D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0DD59171-90DA-4793-9C25-8427C93F650D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0DD59171-90DA-4793-9C25-8427C93F650D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3EF3EE18-0FDE-4AED-AC4F-8AEBD8CE0E80}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3EF3EE18-0FDE-4AED-AC4F-8AEBD8CE0E80}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3EF3EE18-0FDE-4AED-AC4F-8AEBD8CE0E80}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3EF3EE18-0FDE-4AED-AC4F-8AEBD8CE0E80}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dncompos.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F1CB332B-F400-4931-8979-54CDA0617CAD}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F1CB332B-F400-4931-8979-54CDA0617CAD}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F1CB332B-F400-4931-8979-54CDA0617CAD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F1CB332B-F400-4931-8979-54CDA0617CAD}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{57CD588E-8D70-4419-869A-7870753321A7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{57CD588E-8D70-4419-869A-7870753321A7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{57CD588E-8D70-4419-869A-7870753321A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{57CD588E-8D70-4419-869A-7870753321A7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D9D4742D-030A-488D-A849-9988642CD5FE}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D9D4742D-030A-488D-A849-9988642CD5FE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D9D4742D-030A-488D-A849-9988642CD5FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D9D4742D-030A-488D-A849-9988642CD5FE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dbraw.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{88065F8A-9EC1-4B6A-A667-E6E2D1069D5D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{88065F8A-9EC1-4B6A-A667-E6E2D1069D5D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{88065F8A-9EC1-4B6A-A667-E6E2D1069D5D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{88065F8A-9EC1-4B6A-A667-E6E2D1069D5D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2C599C11-6483-4FEC-A3A9-AF4EBF811BB5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2C599C11-6483-4FEC-A3A9-AF4EBF811BB5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2C599C11-6483-4FEC-A3A9-AF4EBF811BB5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2C599C11-6483-4FEC-A3A9-AF4EBF811BB5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\cxmcat.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{85473FBA-95EE-4DB1-ACCC-7E0BF53D3796}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{85473FBA-95EE-4DB1-ACCC-7E0BF53D3796}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{85473FBA-95EE-4DB1-ACCC-7E0BF53D3796}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{85473FBA-95EE-4DB1-ACCC-7E0BF53D3796}\InprocServer32]
    @="C:\\WINDOWS\\system32\\jrsd400.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3DEB0F3D-4CEC-4FE5-80F7-FE1EA84D4E4F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3DEB0F3D-4CEC-4FE5-80F7-FE1EA84D4E4F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3DEB0F3D-4CEC-4FE5-80F7-FE1EA84D4E4F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3DEB0F3D-4CEC-4FE5-80F7-FE1EA84D4E4F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    ati2cqag.dll Mon 12 Dec 2005 3:33:44 A.... 237.568 232,00 K
    ati2dvag.dll Mon 12 Dec 2005 4:41:04 A.... 252.928 247,00 K
    ati2edxx.dll Mon 12 Dec 2005 4:35:08 A.... 40.960 40,00 K
    ati2evxx.dll Mon 12 Dec 2005 4:34:56 A.... 47.104 46,00 K
    ati3duag.dll Mon 12 Dec 2005 4:25:10 A.... 2.518.016 2,40 M
    atiddc.dll Mon 12 Dec 2005 4:33:14 A.... 53.248 52,00 K
    atidemgr.dll Mon 12 Dec 2005 7:01:40 A.... 258.048 252,00 K
    atiiiexx.dll Mon 12 Dec 2005 7:44:34 A.... 307.200 300,00 K
    atikvmag.dll Mon 12 Dec 2005 4:04:22 A.... 151.552 148,00 K
    atioglx1.dll Mon 12 Dec 2005 6:09:54 A.... 6.684.672 6,38 M
    atioglxx.dll Mon 12 Dec 2005 4:57:46 A.... 4.968.448 4,74 M
    atipdlxx.dll Mon 12 Dec 2005 4:35:38 A.... 110.592 108,00 K
    atitvo32.dll Mon 12 Dec 2005 3:39:32 A.... 17.408 17,00 K
    ativvaxx.dll Mon 12 Dec 2005 4:18:38 A.... 862.464 842,25 K
    avsda.dll Wed 18 Jan 2006 13:05:54 A.... 57.344 56,00 K
    bassmod.dll Thu 12 Jan 2006 18:09:08 A.... 34.308 33,50 K
    gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126.680 123,71 K
    gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95.448 93,21 K
    gp6ol3~1.dll Sat 11 Feb 2006 13:06:06 A.... 236.371 230,83 K
    hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117.976 115,21 K
    oemdspif.dll Mon 12 Dec 2005 4:35:24 A.... 77.824 76,00 K
    p2r40c~1.dll Sat 11 Feb 2006 13:09:02 ..... 236.040 230,51 K
    uxtheme.dll Thu 19 Jan 2006 14:09:10 A.... 219.648 214,50 K

    23 items found: 23 files, 0 directories.
    Total of file sizes: 17.711.847 bytes 16,89 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Datenträger in Laufwerk C: ist System
    Volumeseriennummer: F888-AD85

    Verzeichnis von C:\WINDOWS\System32

    14.01.2006 14:07 <DIR> dllcache
    10.01.2006 19:28 <DIR> Microsoft
    0 Datei(en) 0 Bytes
    2 Verzeichnis(se), 1.952.174.080 Bytes frei

    look2mefix Log 2

    L2Mfix 1.03

    Running From:
    C:\LOOK2M~1\l2mfix



    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-NI) ALLOW Read VORDEFINIERT\Benutzer
    (ID-IO) ALLOW Read VORDEFINIERT\Benutzer
    (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access ERSTELLER-BESITZER



    Setting registry permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Denying C(CI) access for predefined group "Administrators"
    - adding new ACCESS DENY entry


    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY --C------- VORDEFINIERT\Administratoren
    (NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-NI) ALLOW Read VORDEFINIERT\Benutzer
    (ID-IO) ALLOW Read VORDEFINIERT\Benutzer
    (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access ERSTELLER-BESITZER



    Setting up for Reboot


    Starting Reboot!

    C:\look2mefix\l2mfix
    System Rebooted!

    Running From:
    C:\look2mefix\l2mfix

    killing explorer and rundll32.exe

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1936 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Error, Cannot find a process with an image name of rundll32.exe

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    Backing Up: C:\WINDOWS\system32\p2r40c9qef.dll
    1 Datei(en) kopiert.
    deleting: C:\WINDOWS\system32\p2r40c9qef.dll
    Successfully Deleted: C:\WINDOWS\system32\p2r40c9qef.dll


    Zipping up files for submission:
    adding: p2r40c9qef.dll (188 bytes security) (deflated 5%)
    adding: clear.reg (188 bytes security) (deflated 67%)
    adding: echo.reg (188 bytes security) (deflated 9%)
    adding: direct.txt (188 bytes security) (stored 0%)
    adding: lo2.txt (188 bytes security) (deflated 70%)
    adding: readme.txt (188 bytes security) (deflated 49%)
    adding: report.txt (188 bytes security) (deflated 67%)
    adding: test.txt (188 bytes security) (stored 0%)
    adding: test2.txt (188 bytes security) (deflated 47%)
    adding: test3.txt (188 bytes security) (deflated 47%)
    adding: test5.txt (188 bytes security) (deflated 47%)
    adding: xfind.txt (188 bytes security) (stored 0%)
    adding: backregs/0DD59171-90DA-4793-9C25-8427C93F650D.reg (188 bytes security) (deflated 70%)
    adding: backregs/2C599C11-6483-4FEC-A3A9-AF4EBF811BB5.reg (188 bytes security) (deflated 70%)
    adding: backregs/3DEB0F3D-4CEC-4FE5-80F7-FE1EA84D4E4F.reg (188 bytes security) (deflated 70%)
    adding: backregs/3EF3EE18-0FDE-4AED-AC4F-8AEBD8CE0E80.reg (188 bytes security) (deflated 70%)
    adding: backregs/5534ABCA-1C54-4CFB-B06A-1563F08BA17E.reg (188 bytes security) (deflated 70%)
    adding: backregs/57CD588E-8D70-4419-869A-7870753321A7.reg (188 bytes security) (deflated 70%)
    adding: backregs/85473FBA-95EE-4DB1-ACCC-7E0BF53D3796.reg (188 bytes security) (deflated 70%)
    adding: backregs/88065F8A-9EC1-4B6A-A667-E6E2D1069D5D.reg (188 bytes security) (deflated 70%)
    adding: backregs/AE859314-3A80-4CF6-A533-26A4449AB818.reg (188 bytes security) (deflated 70%)
    adding: backregs/D9D4742D-030A-488D-A849-9988642CD5FE.reg (188 bytes security) (deflated 70%)
    adding: backregs/F1CB332B-F400-4931-8979-54CDA0617CAD.reg (188 bytes security) (deflated 70%)
    adding: backregs/shell.reg (188 bytes security) (deflated 72%)

    Restoring Registry Permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Revoking access for predefined group "Administrators"
    Inherited ACE can not be revoked here!
    Inherited ACE can not be revoked here!


    Registry permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-NI) ALLOW Read VORDEFINIERT\Benutzer
    (ID-IO) ALLOW Read VORDEFINIERT\Benutzer
    (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access ERSTELLER-BESITZER


    Restoring Sedebugprivilege:

    Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

    deleting local copy: p2r40c9qef.dll

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\p2r40c9qef.dll

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{5534ABCA-1C54-4CFB-B06A-1563F08BA17E}"=-
    "{E8A1C0C3-DB6E-44CB-9AA8-D20082CB5312}"=-
    "{B4FE295A-E2A3-475D-9D1F-87B3C017E112}"=-
    "{AE859314-3A80-4CF6-A533-26A4449AB818}"=-
    "{0DD59171-90DA-4793-9C25-8427C93F650D}"=-
    "{3EF3EE18-0FDE-4AED-AC4F-8AEBD8CE0E80}"=-
    "{F1CB332B-F400-4931-8979-54CDA0617CAD}"=-
    "{57CD588E-8D70-4419-869A-7870753321A7}"=-
    "{D9D4742D-030A-488D-A849-9988642CD5FE}"=-
    "{88065F8A-9EC1-4B6A-A667-E6E2D1069D5D}"=-
    "{2C599C11-6483-4FEC-A3A9-AF4EBF811BB5}"=-
    "{85473FBA-95EE-4DB1-ACCC-7E0BF53D3796}"=-
    "{3DEB0F3D-4CEC-4FE5-80F7-FE1EA84D4E4F}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{5534ABCA-1C54-4CFB-B06A-1563F08BA17E}]
    [-HKEY_CLASSES_ROOT\CLSID\{E8A1C0C3-DB6E-44CB-9AA8-D20082CB5312}]
    [-HKEY_CLASSES_ROOT\CLSID\{B4FE295A-E2A3-475D-9D1F-87B3C017E112}]
    [-HKEY_CLASSES_ROOT\CLSID\{AE859314-3A80-4CF6-A533-26A4449AB818}]
    [-HKEY_CLASSES_ROOT\CLSID\{0DD59171-90DA-4793-9C25-8427C93F650D}]
    [-HKEY_CLASSES_ROOT\CLSID\{3EF3EE18-0FDE-4AED-AC4F-8AEBD8CE0E80}]
    [-HKEY_CLASSES_ROOT\CLSID\{F1CB332B-F400-4931-8979-54CDA0617CAD}]
    [-HKEY_CLASSES_ROOT\CLSID\{57CD588E-8D70-4419-869A-7870753321A7}]
    [-HKEY_CLASSES_ROOT\CLSID\{D9D4742D-030A-488D-A849-9988642CD5FE}]
    [-HKEY_CLASSES_ROOT\CLSID\{88065F8A-9EC1-4B6A-A667-E6E2D1069D5D}]
    [-HKEY_CLASSES_ROOT\CLSID\{2C599C11-6483-4FEC-A3A9-AF4EBF811BB5}]
    [-HKEY_CLASSES_ROOT\CLSID\{85473FBA-95EE-4DB1-ACCC-7E0BF53D3796}]
    [-HKEY_CLASSES_ROOT\CLSID\{3DEB0F3D-4CEC-4FE5-80F7-FE1EA84D4E4F}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************
    ****************************************************************************
    
    look2mefix Log 3

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    Last edited by DeeJay (11.02.2006 at 17:26)

  4. #4
    Experienced user
    Registered since
    17.06.2005
    Location
    Weilmünster
    Posts
    214

    RE: Virus/Malware "VX2" has taken hold!

    @DeeJay

    download SmitfraudFix (S!Ri, moe31 and balltrap34)
    unpack it (SIMPLYZIP) on the desktop
    now run it and choose option 1
    post the logfile
    run it once more, this time choose option 2
    enter "oui" (yes) everywhere.
    reboot the system.
    create and post a new HijackThis logfile
    and run clearprog once more
    run datfindbat once more, post the logfiles, also the one from HJT
    Whoever achieves all their goals has probably set them too low!

  5. #5
    Beginner
    Registered since
    11.04.2005
    Posts
    6

    Re: Virus/Malware "VX2" has taken up residence!

    SmitfraudFix Log 1

    SmitFraudFix v2.19

    Rapport fait à 17:27:45,04 le 11.02.2006
    Executé à partir de C:\Dokumente und Einstellungen\DeeJay\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche ...\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Programme


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Die derzeitige Homepage"


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

    [HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

  6. #6
    Beginner
    Registered since
    11.04.2005
    Posts
    6

    Re: Virus/Malware "VX2" has taken up residence!

    HJT Logfile

    Logfile of HijackThis v1.99.1
    Scan saved at 18:13:25, on 11.02.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\taskswitch.exe
    F:\Internet\Java\jre1.5.0_06\bin\jusched.exe
    F:\Multimedia\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    F:\System\Microsoft AntiSpyware\gcasServ.exe
    C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
    F:\System\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Programme\AntiVir PersonalEdition Classic\sched.exe
    C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    F:\Multimedia\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\explorer.exe
    F:\Internet\Miranda IM\miranda32.exe
    F:\Internet\Ad Muncher\AdMunch.exe
    F:\System\ATITool\ATITool.exe
    F:\System\distributed.net\dnetc.exe
    F:\System\jalcds\jaLCDs.exe
    F:\Multimedia\Wallpaper Changer\WallPaper.exe
    E:\Eigene Dateien\procexpnt\procexp.exe
    F:\INTERNET\MOZILL~1\FIREFOX.EXE
    D:\HijackThis.exe

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Internet\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Multimedia\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [gcasServ] "F:\System\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WallPaper] F:\MULTIM~1\WALLPA~1\WALLPA~1.EXE /h
    O4 - Startup: Miranda IM.lnk = F:\Internet\Miranda IM\miranda32.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Multimedia\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Alles mit FlashGet laden - F:\Internet\FlashGet\jc_all.htm
    O8 - Extra context menu item: Mit FlashGet laden - F:\Internet\FlashGet\jc_link.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1137162914656
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3E776365-E543-4773-A79A-2FA541C7B37F}: NameServer = 192.168.0.254
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Multimedia\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    datfindbat

    Datenträger in Laufwerk C: ist System
    Volumeseriennummer: F888-AD85

    Verzeichnis von C:\WINDOWS\system32

    11.02.2006 12:18 13.646 wpa.dbl
    10.02.2006 16:47 111.784 FNTCACHE.DAT
    19.01.2006 14:17 2.173.952 osxboot.exe
    19.01.2006 14:09 219.648 uxtheme.dll
    18.01.2006 13:05 57.344 avsda.dll
    15.01.2006 16:13 6.941 jupdate-1.5.0_06-b05.log
    14.01.2006 13:45 316.594 perfh007.dat
    14.01.2006 13:45 48.156 perfc007.dat
    14.01.2006 13:45 39.992 perfc009.dat
    14.01.2006 13:45 311.604 perfh009.dat
    14.01.2006 13:45 723.744 PerfStringBackup.INI
    14.01.2006 13:40 255 spupdwxp.log
    13.01.2006 15:34 13.646 wpa.bak
    12.01.2006 18:09 34.308 BASSMOD.dll
    10.01.2006 19:26 25.065 wmpscheme.xml
    10.01.2006 19:24 261 $winnt$.inf
    10.01.2006 19:23 2.951 CONFIG.NT
    10.01.2006 19:23 16.832 amcompat.tlb
    10.01.2006 19:23 23.392 nscompat.tlb
    10.01.2006 19:22 488 logonui.exe.manifest
    10.01.2006 19:22 488 WindowsLogon.manifest
    10.01.2006 19:22 749 sapi.cpl.manifest
    10.01.2006 19:22 749 nwc.cpl.manifest
    10.01.2006 19:22 749 cdplayer.exe.manifest
    10.01.2006 19:22 749 wuaucpl.cpl.manifest
    10.01.2006 19:22 749 ncpa.cpl.manifest
    10.01.2006 19:20 21.740 emptyregdb.dat
    10.01.2006 19:18 0 h323log.txt
    2075 Datei(en) 487.835.629 Bytes
    0 Verzeichnis(se), 1.947.516.928 Bytes frei
    Last edited by DeeJay (13.02.2006, 14:10)

  7. #7
    Experienced user
    Registered since
    17.06.2005
    Location
    Weilmünster
    Posts
    214

    Re: Virus/Malware "VX2" has taken up residence!

    Please edit your last posting with the edit function, the System32 log

    that will be 4 of them, and from c:\windows\system32 only the last 30 days should be posted
    I would also like to see the other 3 logs once more ;-)
    Last edited by minja (11.02.2006, 19:07)
    Whoever achieves all their goals has probably set them too low!
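An added example, not part of the thread and not code from datfindbat: a small Python filter that parses the German-locale `dir` listing that datfindbat produces (as posted above) and keeps only the files modified within the last 30 days before the report date, which is the cut the helper asks for in the post above. The sample listing is constructed in that format, and the report date is assumed to be the day the log was taken (11.02.2006).

```python
import re
from datetime import datetime, timedelta

# One file per line: "dd.mm.yyyy hh:mm <size, '.' as thousands separator> <name>"
# (German-locale `dir` output as produced by datfindbat; header and footer
# lines such as "Verzeichnis von ..." or "2075 Datei(en) ..." do not match).
ENTRY_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+?)\s*$")

# Constructed sample in the format of the datfindbat output posted above.
SAMPLE_LISTING = """\
 Datenträger in Laufwerk C: ist System
 Volumeseriennummer: F888-AD85

 Verzeichnis von C:\\WINDOWS\\system32

11.02.2006  12:18            13.646 wpa.dbl
19.01.2006  14:17         2.173.952 osxboot.exe
12.01.2006  18:09            34.308 BASSMOD.dll
10.01.2006  19:18                 0 h323log.txt
            2075 Datei(en)    487.835.629 Bytes
"""


def parse_listing(text):
    """Return (timestamp, size_in_bytes, name) for every file line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # volume header, directory header, totals footer, blanks
        when = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d.%m.%Y %H:%M")
        size = int(m.group(3).replace(".", ""))  # "2.173.952" -> 2173952
        entries.append((when, size, m.group(4)))
    return entries


def recent_files(text, report_date, days=30):
    """Names of files modified within `days` days before `report_date`
    (a 'dd.mm.yyyy' string), newest first: the part of the listing worth posting."""
    cutoff = datetime.strptime(report_date, "%d.%m.%Y") - timedelta(days=days)
    recent = [e for e in parse_listing(text) if e[0] >= cutoff]
    recent.sort(key=lambda e: e[0], reverse=True)
    return [e[2] for e in recent]


if __name__ == "__main__":
    # Prints wpa.dbl, osxboot.exe, BASSMOD.dll for the constructed sample
    for name in recent_files(SAMPLE_LISTING, "11.02.2006"):
        print(name)
```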
