everything full of viruses...help!

Warnings about security vulnerabilities and help with removing viruses, worms and Trojans.

Post by moimoi on 07.06.2006, 14:20

c

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1A5E-12E9

Verzeichnis von C:\

07.06.2006 14:17 0 sys.txt
07.06.2006 14:16 6.312 system.txt
07.06.2006 14:16 1.769 systemtemp.txt
07.06.2006 14:11 90.806 system32.txt
07.06.2006 14:07 4.160 files.txt
07.06.2006 13:53 502.845.440 hiberfil.sys
07.06.2006 13:53 754.974.720 pagefile.sys
07.06.2006 11:12 1.384 rapport.txt
07.06.2006 10:48 15.750 avenger.txt
06.06.2006 17:53 2 DirDPFCns.txt
06.06.2006 17:53 1.778 DirDPF.txt
06.06.2006 17:53 4.426 look.txt
14.04.2003 19:40 506 IPH.PH
18.04.2002 20:05 194 boot.ini
10.09.2001 12:37 0 CONFIG.SYS
10.09.2001 12:37 0 AUTOEXEC.BAT
10.09.2001 12:37 0 MSDOS.SYS
10.09.2001 12:37 0 IO.SYS
10.09.2001 11:49 512 BOOTSECT.DOS
18.08.2001 13:00 224.032 ntldr
18.08.2001 13:00 45.124 NTDETECT.COM
18.08.2001 13:00 4.952 bootfont.bin
22 Datei(en) 1.258.221.867 Bytes
0 Verzeichnis(se), 22.233.300.992 Bytes frei
moimoi

Posts: 33
Registered: 06.06.2006, 11:56


Post by moimoi on 07.06.2006, 14:33

new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 14:32:04, on 07.06.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\system32\slserv.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\S3hotkey.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\clcbt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\Dokumente und Einstellungen\TEMP.CUSTOMER-DE25EC.005\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerDVD] C:\Programme\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [clcbt.exe] C:\WINDOWS\System32\clcbt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Programme\AMD\PowerNow!\GemServ.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
moimoi

Posts: 33
Registered: 06.06.2006, 11:56

Post by moimoi on 07.06.2006, 14:39

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"(Default)" = """ = (data in unrecognized format!)" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"OEM-Reset" = (empty string)
"Norman ZANDA" = "C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH" [null data]
"S3hotkey" = "S3hotkey.exe" ["S3 Graphics, Inc."]
"S3TRAY2" = "S3tray2.exe" ["S3 Graphics, Inc."]
"Microsoft Works Portfolio" = "C:\Programme\Microsoft Works\WksSb.exe /AllUsers" ["Microsoft® Corporation"]
"Microsoft Works Update Detection" = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
"iTunesHelper" = "C:\Programme\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"PowerDVD" = "C:\Programme\CyberLink\PowerDVD\PowerDVD.exe /autostart" ["CyberLink Corp."]
"RealTray" = "C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
"ICQ Lite" = ""C:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["H+BEDV Datentechnik GmbH"]
"(Default)" = """ = (data in unrecognized format!)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! winm32\DLLName = "winm32.dll" [** WMI GetObject error **]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {HKLM...CLSID} = "Norman Virus Control Shell Extension"
\InProcServer32\(Default) = "C:\NORMAN\Nvc\BIN\NVCSE.DLL" ["Norman Data Defense Systems"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {HKLM...CLSID} = "Norman Virus Control Shell Extension"
\InProcServer32\(Default) = "C:\NORMAN\Nvc\BIN\NVCSE.DLL" ["Norman Data Defense Systems"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {HKLM...CLSID} = "Norman Virus Control Shell Extension"
\InProcServer32\(Default) = "C:\NORMAN\Nvc\BIN\NVCSE.DLL" ["Norman Data Defense Systems"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Planer, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
GEARSecurity, GEARSecurity, "C:\WINDOWS\System32\GEARSEC.EXE" ["GEAR Software"]
Norman Virus Control on-access component, nvcoas, "C:\NORMAN\Nvc\BIN\nvcoas.exe" ["Norman ASA"]
Norman Virus Control Scheduler, NVCScheduler, "C:\NORMAN\Nvc\BIN\NVCSCHED.EXE" ["Norman Data Defense Systems"]
SmartLinkService, SLService, "slserv.exe" [" "]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]
hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 177 seconds, including 18 seconds for message boxes)
moimoi

Posts: 33
Registered: 06.06.2006, 11:56

Post by moimoi on 07.06.2006, 14:46

here is the BlackLight log as well

after this scan, do I actually still have to click "clean", or just "close"??

06/07/06 14:42:02 [Info]: BlackLight Engine 1.0.37 initialized
06/07/06 14:42:02 [Info]: OS: 5.1 build 2600 ()
06/07/06 14:42:03 [Note]: 7019 4
06/07/06 14:42:03 [Note]: 7005 0
06/07/06 14:42:05 [Note]: 7006 0
06/07/06 14:42:05 [Error]: 6009 1
06/07/06 14:42:05 [Error]: 6009 0
06/07/06 14:42:06 [Note]: 7026 0
06/07/06 14:42:06 [Note]: 7026 0
06/07/06 14:42:06 [Note]: 7024 3
06/07/06 14:42:06 [Info]: Hidden process: C:\WINDOWS\System32\clcbt.exe
06/07/06 14:42:06 [Note]: 7024 3
06/07/06 14:42:06 [Info]: Hidden process: \??\C:\WINDOWS\system32\winlogon.exe
06/07/06 14:42:07 [Note]: 7024 3
06/07/06 14:42:07 [Info]: Hidden process: C:\WINDOWS\Explorer.EXE
06/07/06 14:42:07 [Note]: FSRAW library version 1.7.1015
06/07/06 14:42:13 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\WINM32.DLL
06/07/06 14:42:16 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\QZ.DLL
06/07/06 14:42:16 [Note]: 7002 0
06/07/06 14:42:16 [Note]: 7003 1
06/07/06 14:42:17 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\WINM64.SYS
06/07/06 14:42:17 [Note]: 7002 0
06/07/06 14:42:17 [Note]: 7003 1
06/07/06 14:42:18 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\QZ.SYS
06/07/06 14:42:18 [Note]: 7002 0
06/07/06 14:42:18 [Note]: 7003 1
06/07/06 14:42:20 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\WINM32.SYS
06/07/06 14:42:20 [Note]: 7002 0
06/07/06 14:42:20 [Note]: 7003 1
06/07/06 14:42:21 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\QY.SYS
06/07/06 14:42:21 [Note]: 7002 0
06/07/06 14:42:21 [Note]: 7003 1
06/07/06 14:42:22 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\P3.INI
06/07/06 14:42:24 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\KLOGINI.DLL
06/07/06 14:42:24 [Info]: Hidden file: C:\WINDOWS\System32\clcbt.exe
06/07/06 14:42:24 [Note]: 10002 2
06/07/06 14:42:28 [Info]: Hidden file: c:\WINDOWS\Prefetch\CLCBT.EXE-1B55EDA4.pf
06/07/06 14:42:28 [Note]: 10002 2
06/07/06 14:43:22 [Note]: 7002 0
06/07/06 14:43:22 [Note]: 7003 1
06/07/06 14:43:22 [Error]: 6023 5
moimoi

Posts: 33
Registered: 06.06.2006, 11:56
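A short triage script, added here as an example and not part of the thread or of any of the tools it mentions: it reads BlackLight's "Hidden process" / "Hidden file" lines and the HijackThis O4/O20 autostart lines, normalises the paths (the two tools differ in casing and BlackLight sometimes reports the NT-native `\??\` form) and reports every autostart entry whose target BlackLight could not see through the normal file API. An autostart that points at a file the filesystem hides is the classic footprint of a rootkit, and it is exactly what the log above shows for clcbt.exe and winm32.dll. The two log excerpts embedded in the script are constructed from lines posted in this thread.

```python
import re

# Constructed excerpts in the format of the BlackLight and HijackThis logs
# posted in this thread (paths taken from the thread).
BLACKLIGHT_LOG = r"""
06/07/06 14:42:06 [Note]: 7024 3
06/07/06 14:42:06 [Info]: Hidden process: C:\WINDOWS\System32\clcbt.exe
06/07/06 14:42:06 [Info]: Hidden process: \??\C:\WINDOWS\system32\winlogon.exe
06/07/06 14:42:13 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\WINM32.DLL
06/07/06 14:42:17 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\WINM64.SYS
06/07/06 14:42:24 [Info]: Hidden file: C:\WINDOWS\System32\clcbt.exe
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [clcbt.exe] C:\WINDOWS\System32\clcbt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
"""

HIDDEN_RE = re.compile(r"\[Info\]: Hidden (process|file): (.+)$")
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path ending in an executable/library extension, quoted or not.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx))', re.IGNORECASE)


def normalize(path):
    r"""Canonical form for comparison: drop the NT-native '\??\' prefix, any
    surrounding quotes and the case (NTFS paths are case-insensitive)."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()


def parse_blacklight(text):
    """Return {'process': set(paths), 'file': set(paths)} reported as hidden."""
    found = {"process": set(), "file": set()}
    for line in text.splitlines():
        m = HIDDEN_RE.search(line)
        if m:
            found[m.group(1)].add(normalize(m.group(2)))
    return found


def parse_hijackthis(text):
    """Return [(section, raw_line, normalized_target)] for every O-line that
    names a full path; bare names such as 'S3hotkey.exe' are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        pm = PATH_RE.search(m.group(2))
        if pm:
            entries.append((m.group(1), line, normalize(pm.group(1))))
    return entries


def correlate(blacklight_text, hijackthis_text):
    """Autostart entries whose target BlackLight reports as a hidden file or
    process, in log order, as (section, normalized path) pairs."""
    hidden = parse_blacklight(blacklight_text)
    hidden_all = hidden["process"] | hidden["file"]
    return [(section, target)
            for section, _line, target in parse_hijackthis(hijackthis_text)
            if target in hidden_all]


if __name__ == "__main__":
    for section, target in correlate(BLACKLIGHT_LOG, HIJACKTHIS_LOG):
        print(f"{section} autostart points at hidden object: {target}")
```

Run as a script it prints the O4 entry for clcbt.exe and the O20 Winlogon Notify entry for winm32.dll; on a real case you would feed it the two full log files and treat every hit as a candidate for the removal list rather than as proof on its own.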

Post by Nikita on 07.06.2006, 15:08


copy into the Avenger:

Files to delete:
C:\WINDOWS\inet20026\services.exe
C:\WINDOWS\inet20026\winlogon.exe
C:\WINDOWS\inet20026\3.03.00.dll
C:\WINDOWS\inet20026\mm.pid
C:\WINDOWS\inet20026\1.txt
C:\WINDOWS\inet20026\tmp.req
C:\WINDOWS\inet20026\mm6.exe
C:\WINDOWS\inet20026\mm5.exe.bak
C:\WINDOWS\inet20026\mm5.exe
C:\WINDOWS\inet20026\alg.exe.bak
C:\WINDOWS\inet20026\alg.exe
C:\WINDOWS\inet20026\select.exe.bak
C:\WINDOWS\inet20026\select.exe
C:\WINDOWS\inet20026\killer.exe.bak
C:\WINDOWS\inet20026\killer.exe
C:\WINDOWS\inet20026\socks.exe.bak
C:\WINDOWS\inet20026\socks.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00010.dll
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00013.dll
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00014.dll
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00015.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00015.dll
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00016.dll
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00017.exe
C:\Programme\Internet Explorer\winbrume.dat
C:\Programme\Internet Explorer\lock.exe
C:\Programme\Internet Explorer\update.exe
C:\WINDOWS\comdlg66.dll
C:\WINDOWS\system32\d.bat
C:\WINDOWS\system32\dxvwynas.exe
C:\WINDOWS\system32\dxvwpmos.exe
C:\WINDOWS\system32\dxvwasmt.exe
C:\WINDOWS\system32\dxvwmwqi.exe
C:\WINDOWS\System32\clcbt.exe
c:\WINDOWS\SYSTEM32\WINM32.DLL
c:\WINDOWS\SYSTEM32\QZ.DLL
c:\WINDOWS\SYSTEM32\WINM64.SYS
c:\WINDOWS\SYSTEM32\QZ.SYS
c:\WINDOWS\SYSTEM32\WINM32.SYS
c:\WINDOWS\SYSTEM32\QY.SYS
c:\WINDOWS\SYSTEM32\P3.INI
c:\WINDOWS\Prefetch\CLCBT.EXE-1B55EDA4.pf
C:\WINDOWS\SYSTEM32\winm32.dll

click the green traffic light, restart - post the report

**
delete
C:\WINDOWS\inet20026\

**
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> check it
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, only for the last one click "yes"
paste in: ....

C:\Dokumente und Einstellungen\TEMP.CUSTOMER-DE25EC.000\Lokale Einstellungen\Anwendungsdaten\efd9e5d5.exe
C:\Dokumente und Einstellungen\TEMP.CUSTOMER-DE25EC.000\Lokale Einstellungen\Anwendungsdaten\fec7cee1.exe


restart the PC

**
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click to start it. In: "Enter search strings" (type it in or paste it)

WINM64.SYS


into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

In: "Enter search strings" (type it in or paste it)

WINM32.SYS

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

In: "Enter search strings" (type it in or paste it)

QZ.SYS

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.


---------------
Last edited by Nikita on 07.06.2006, 17:26, edited 1 time in total.
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by moimoi on 07.06.2006, 16:33

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cfhbabgj

*******************

Script file located at: \??\C:\ltdjokwy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\inet20026\services.exe not found!
Deletion of file C:\WINDOWS\inet20026\services.exe failed!

Could not process line:
C:\WINDOWS\inet20026\services.exe
Status: 0xc0000034



File C:\WINDOWS\inet20026\winlogon.exe not found!
Deletion of file C:\WINDOWS\inet20026\winlogon.exe failed!

Could not process line:
C:\WINDOWS\inet20026\winlogon.exe
Status: 0xc0000034



File C:\WINDOWS\inet20026\3.03.00.dll not found!
Deletion of file C:\WINDOWS\inet20026\3.03.00.dll failed!

Could not process line:
C:\WINDOWS\inet20026\3.03.00.dll
Status: 0xc0000034



File C:\WINDOWS\inet20026\mm.pid not found!
Deletion of file C:\WINDOWS\inet20026\mm.pid failed!

Could not process line:
C:\WINDOWS\inet20026\mm.pid
Status: 0xc0000034



File C:\WINDOWS\inet20026\1.txt not found!
Deletion of file C:\WINDOWS\inet20026\1.txt failed!

Could not process line:
C:\WINDOWS\inet20026\1.txt
Status: 0xc0000034



File C:\WINDOWS\inet20026\tmp.req not found!
Deletion of file C:\WINDOWS\inet20026\tmp.req failed!

Could not process line:
C:\WINDOWS\inet20026\tmp.req
Status: 0xc0000034



File C:\WINDOWS\inet20026\mm6.exe not found!
Deletion of file C:\WINDOWS\inet20026\mm6.exe failed!

Could not process line:
C:\WINDOWS\inet20026\mm6.exe
Status: 0xc0000034



File C:\WINDOWS\inet20026\mm5.exe.bak not found!
Deletion of file C:\WINDOWS\inet20026\mm5.exe.bak failed!

Could not process line:
C:\WINDOWS\inet20026\mm5.exe.bak
Status: 0xc0000034



File C:\WINDOWS\inet20026\mm5.exe not found!
Deletion of file C:\WINDOWS\inet20026\mm5.exe failed!

Could not process line:
C:\WINDOWS\inet20026\mm5.exe
Status: 0xc0000034



File C:\WINDOWS\inet20026\alg.exe.bak not found!
Deletion of file C:\WINDOWS\inet20026\alg.exe.bak failed!

Could not process line:
C:\WINDOWS\inet20026\alg.exe.bak
Status: 0xc0000034



File C:\WINDOWS\inet20026\alg.exe not found!
Deletion of file C:\WINDOWS\inet20026\alg.exe failed!

Could not process line:
C:\WINDOWS\inet20026\alg.exe
Status: 0xc0000034



File C:\WINDOWS\inet20026\select.exe.bak not found!
Deletion of file C:\WINDOWS\inet20026\select.exe.bak failed!

Could not process line:
C:\WINDOWS\inet20026\select.exe.bak
Status: 0xc0000034



File C:\WINDOWS\inet20026\select.exe not found!
Deletion of file C:\WINDOWS\inet20026\select.exe failed!

Could not process line:
C:\WINDOWS\inet20026\select.exe
Status: 0xc0000034



File C:\WINDOWS\inet20026\killer.exe.bak not found!
Deletion of file C:\WINDOWS\inet20026\killer.exe.bak failed!

Could not process line:
C:\WINDOWS\inet20026\killer.exe.bak
Status: 0xc0000034



File C:\WINDOWS\inet20026\killer.exe not found!
Deletion of file C:\WINDOWS\inet20026\killer.exe failed!

Could not process line:
C:\WINDOWS\inet20026\killer.exe
Status: 0xc0000034



File C:\WINDOWS\inet20026\socks.exe.bak not found!
Deletion of file C:\WINDOWS\inet20026\socks.exe.bak failed!

Could not process line:
C:\WINDOWS\inet20026\socks.exe.bak
Status: 0xc0000034



File C:\WINDOWS\inet20026\socks.exe not found!
Deletion of file C:\WINDOWS\inet20026\socks.exe failed!

Could not process line:
C:\WINDOWS\inet20026\socks.exe
Status: 0xc0000034



File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00010.dll not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00010.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00010.dll
Status: 0xc0000034



File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00013.dll not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00013.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00013.dll
Status: 0xc0000034



File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00014.dll not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00014.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00014.dll
Status: 0xc0000034



File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00015.exe not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00015.exe failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00015.exe
Status: 0xc0000034



File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00015.dll not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00015.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00015.dll
Status: 0xc0000034



File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00016.dll not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00016.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00016.dll
Status: 0xc0000034



File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00017.exe not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00017.exe failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00017.exe
Status: 0xc0000034

File C:\Programme\Internet Explorer\winbrume.dat deleted successfully.
File C:\Programme\Internet Explorer\lock.exe deleted successfully.
File C:\Programme\Internet Explorer\update.exe deleted successfully.
File C:\WINDOWS\comdlg66.dll deleted successfully.
File C:\WINDOWS\system32\d.bat deleted successfully.
File C:\WINDOWS\system32\dxvwynas.exe deleted successfully.
File C:\WINDOWS\system32\dxvwpmos.exe deleted successfully.
File C:\WINDOWS\system32\dxvwasmt.exe deleted successfully.
File C:\WINDOWS\system32\dxvwmwqi.exe deleted successfully.
File C:\WINDOWS\System32\clcbt.exe deleted successfully.
File c:\WINDOWS\SYSTEM32\WINM32.DLL deleted successfully.
File c:\WINDOWS\SYSTEM32\QZ.DLL deleted successfully.
File c:\WINDOWS\SYSTEM32\WINM64.SYS deleted successfully.
File c:\WINDOWS\SYSTEM32\QZ.SYS deleted successfully.
File c:\WINDOWS\SYSTEM32\WINM32.SYS deleted successfully.
File c:\WINDOWS\SYSTEM32\QY.SYS deleted successfully.
File c:\WINDOWS\SYSTEM32\P3.INI deleted successfully.
File c:\WINDOWS\Prefetch\CLCBT.EXE-1B55EDA4.pf deleted successfully.


File C:\WINDOWS\SYSTEM32\winm32.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\winm32.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\winm32.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
moimoi

Posts: 33
Registered: 06.06.2006, 11:56
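A small parser for the Avenger report format above, added here as an example (my code, not Avenger's or the forum's). It separates the files Avenger deleted from those it could not, and maps the NTSTATUS code of each failure to its name: 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, so every "failed" entry in the log above means the path did not exist on this machine (none of the inet20026 paths were present), not that something blocked the deletion. A different code, such as STATUS_SHARING_VIOLATION or STATUS_ACCESS_DENIED, is the case that deserves a second look because it points at a file that is open or protected. The log inside the script is a constructed excerpt of the lines posted above, and the NTSTATUS values come from the Windows SDK's ntstatus.h.

```python
import re

# NTSTATUS codes that typically show up in Avenger reports (values from ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
NOT_FOUND = {0xC0000034, 0xC000003A}

DELETED_RE = re.compile(r"^File (.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of file (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")

# Constructed excerpt in the format of the Avenger log posted above.
SAMPLE_AVENGER = r"""
Beginning to process script file:

File C:\WINDOWS\inet20026\services.exe not found!
Deletion of file C:\WINDOWS\inet20026\services.exe failed!

Could not process line:
C:\WINDOWS\inet20026\services.exe
Status: 0xc0000034

File C:\WINDOWS\System32\clcbt.exe deleted successfully.
File c:\WINDOWS\SYSTEM32\WINM64.SYS deleted successfully.

Completed script processing.
"""


def parse_avenger(text):
    """Return {'deleted': [path, ...], 'failed': [(path, code, name), ...]}.

    Avenger prints the failed path first and its Status line a few lines
    later, so the path is held in `pending` until the status arrives."""
    deleted, failed = [], []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m.group(1))
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            failed.append((pending, code, NTSTATUS_NAMES.get(code, "unknown NTSTATUS")))
            pending = None
    return {"deleted": deleted, "failed": failed}


def triage(result):
    """Split failures into 'path did not exist' and everything else; only the
    latter suggests the file was open, locked or protected at deletion time."""
    missing = [p for p, code, _ in result["failed"] if code in NOT_FOUND]
    other = [(p, name) for p, code, name in result["failed"] if code not in NOT_FOUND]
    return {"deleted": len(result["deleted"]), "missing": len(missing), "needs_attention": other}


if __name__ == "__main__":
    print(triage(parse_avenger(SAMPLE_AVENGER)))
```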

Post by Nikita on 07.06.2006, 16:43

o.k., now post the other Bobbi Flekman logs
+
the 4 datfindbat logs again, and the HijackThis log again too
Last edited by Nikita on 07.06.2006, 16:45, edited 2 times in total.
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by moimoi on 07.06.2006, 16:44

When using Killbox and deleting the two files, the following error message appears:

"PendingFileRenameOperations Registry Data hast been Removed by External Process!"

after that the promised reboot doesn't happen either...I'll carry on anyway...
moimoi

Posts: 33
Registered: 06.06.2006, 11:56

Post by Nikita on 07.06.2006, 16:45

reboot
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by moimoi on 07.06.2006, 17:09

WINM64.SYS

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 07.06.2006 17:07:58 for strings:
; 'winm64.sys'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\winm64.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\winm64.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winm64]
; Contents of value:
; \??\c:\windows\system32\winm64.sys
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,\
6d,33,32,5c,77,69,6e,6d,36,34,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\winm64.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\winm64.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winm64]
; Contents of value:
; \??\c:\windows\system32\winm64.sys
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,\
6d,33,32,5c,77,69,6e,6d,36,34,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winm64.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\winm64.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm64]
; Contents of value:
; \??\c:\windows\system32\winm64.sys
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,\
6d,33,32,5c,77,69,6e,6d,36,34,2e,73,79,73,00

; End Of The Log...
moimoi

Posts: 33
Registered: 06.06.2006, 11:56
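The Registry Search output above is a REGEDIT4 export, and the one value it found is stored as `hex(2)` (REG_EXPAND_SZ) in raw bytes rather than as readable text. The script below, added here as an example (it is not code from Registry Search or from the thread), parses that format: it re-joins the backslash-continued lines, decodes the hex byte lists (REGEDIT4 stores strings as single-byte ANSI; decoding them as cp1252 is an assumption that fits a German Windows install) and then answers the question the moderator's search is really asking. The `SafeBoot\Minimal` and `SafeBoot\Network` keys are the lists of drivers and services Windows still loads in Safe Mode, so a driver that registers itself there keeps running even when the machine is booted into Safe Mode; the `safeboot_persistence` helper pairs each `Services\<name>` key that has an `ImagePath` with a matching SafeBoot entry (the `.sys` suffix stripping it uses to match the two names is a heuristic of mine). The export embedded in the script is a constructed excerpt of the log above plus one made-up benign service so the two cases can be told apart.

```python
import re

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed excerpt of the Registry Search export above; ExampleSvc is a
# made-up benign service with no SafeBoot entry.
SAMPLE_REG = r"""
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman
; Results for strings: 'winm64.sys'

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winm64.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\winm64.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm64]
; Contents of value:
; \??\c:\windows\system32\winm64.sys
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,\
  6d,33,32,5c,77,69,6e,6d,36,34,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"ImagePath"="C:\\Programme\\Example\\svc.exe"
"""


def _join_continuations(text):
    """Re-join lines that regedit wrapped with a trailing backslash."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1].strip()
            continue
        lines.append(buf + line.strip())
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def decode_reg_value(rhs):
    """Decode the right-hand side of a REGEDIT4 value line."""
    if rhs.startswith('"') and rhs.endswith('"'):
        # REG_SZ: regedit escapes backslashes and quotes inside the string
        return rhs[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if rhs.startswith("dword:"):
        return int(rhs[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", rhs)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if m.group(1) in ("1", "2"):  # REG_SZ / REG_EXPAND_SZ as ANSI bytes
            return data.decode("cp1252").rstrip("\x00")  # ASSUMPTION: Western code page
        if m.group(1) == "7":         # REG_MULTI_SZ: NUL-separated strings
            return [s for s in data.decode("cp1252").split("\x00") if s]
        return data                   # REG_BINARY and anything else: raw bytes
    return rhs


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}}; keys without values map to {}."""
    result, current = {}, None
    for line in _join_continuations(text):
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = decode_reg_value(m.group(2))
    return result


def safeboot_persistence(parsed):
    """Services with an ImagePath that also appear under a SafeBoot key, i.e.
    are configured to load in Safe Mode as well. Matching a SafeBoot entry
    'name.sys' to the service 'name' is a heuristic (assumption)."""
    services, safeboot = {}, set()
    for key, values in parsed.items():
        parts = key.split("\\")
        if "Services" in parts and "ImagePath" in values:
            services[parts[-1].lower()] = values["ImagePath"]
        if "SafeBoot" in parts:
            name = parts[-1].lower()
            safeboot.add(name[:-4] if name.endswith(".sys") else name)
    return {name: path for name, path in services.items() if name in safeboot}


if __name__ == "__main__":
    for name, path in safeboot_persistence(parse_reg(SAMPLE_REG)).items():
        print(f"{name}: loads in Safe Mode too, image {path}")
```

Decoding the bytes gives `\??\C:\WINDOWS\System32\winm64.sys` (the tool's own comment lower-cases it), and the only service that is both registered and whitelisted for Safe Mode is winm64, which is why booting into Safe Mode alone would not have stopped this driver and the removal had to go through a boot-time tool.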

Post by moimoi on 07.06.2006, 17:14

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 07.06.2006 17:12:24 for strings:
; 'qz.sys'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
moimoi

Posts: 33
Registered: 06.06.2006, 11:56

Post by moimoi on 07.06.2006, 17:16

ok, and here is HijackThis again:

Logfile of HijackThis v1.99.1
Scan saved at 17:15:09, on 07.06.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AMD\PowerNow!\GemServ.exe
C:\WINDOWS\system32\slserv.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\S3hotkey.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\TEMP.CUSTOMER-DE25EC.006\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerDVD] C:\Programme\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [clcbt.exe] C:\WINDOWS\System32\clcbt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winm32 - winm32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Programme\AMD\PowerNow!\GemServ.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
moimoi
 
Posts: 33
Registered: 06.06.2006, 11:56

Post by moimoi on 07.06.2006, 17:20

datfind

1
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1A5E-12E9

Verzeichnis von C:\WINDOWS\system32

07.06.2006 16:40 104 PowerNow.log
07.06.2006 15:53 160 bootlog.log
07.06.2006 15:52 102 ps.a3d
06.06.2006 11:48 311.802 perfh009.dat
06.06.2006 11:48 40.190 perfc009.dat
06.06.2006 11:48 723.568 PerfStringBackup.INI
06.06.2006 11:48 316.838 perfh007.dat
06.06.2006 11:48 48.354 perfc007.dat
04.06.2006 19:56 0 klogini.dll
03.06.2006 09:09 1.136 wpa.dbl
03.05.2006 21:26 5.818.784 MRT.exe
26.04.2006 16:28 216.064 FNTCACHE.DAT
18.01.2006 14:05 57.344 avsda.dll

------------------------------------------------------------------------
2

only old stuff

-------------------------------------------------------------------------
3

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1A5E-12E9

Verzeichnis von C:\WINDOWS

07.06.2006 16:56 54.156 QTFont.qfn
07.06.2006 16:56 4.088 OEWABLog.txt
07.06.2006 16:46 0 0.log
07.06.2006 16:46 2.048 bootstat.dat
07.06.2006 16:45 32.584 SchedLgU.Txt
07.06.2006 16:45 553.911 WindowsUpdate.log
07.06.2006 16:18 1.409 QTFont.for
07.06.2006 11:08 204.781 setupact.log
07.06.2006 10:46 282 system.ini
07.06.2006 10:45 632 win.ini
06.06.2006 11:30 1.311.746 setupapi.log.0.old
06.06.2006 11:29 3.466 ModemLog_Smart Link 56K Modem.txt
04.06.2006 10:18 65 msxmlcab.log
12.05.2006 20:18 192 winamp.ini
20.02.2006 00:15 216 wiadebug.log
20.02.2006 00:15 50 wiaservc.log

------------------------------------------------------------------------
4

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1A5E-12E9

Verzeichnis von C:\

07.06.2006 17:19 0 sys.txt
07.06.2006 17:19 6.262 system.txt
07.06.2006 17:18 1.769 systemtemp.txt
07.06.2006 17:16 90.615 system32.txt
07.06.2006 16:46 502.845.440 hiberfil.sys
07.06.2006 16:46 754.974.720 pagefile.sys
07.06.2006 16:00 14.494 avenger.txt
07.06.2006 14:07 4.160 files.txt
07.06.2006 11:12 1.384 rapport.txt
06.06.2006 17:53 2 DirDPFCns.txt
06.06.2006 17:53 1.778 DirDPF.txt
06.06.2006 17:53 4.426 look.txt

-------------------------------------------------------------------

sooo.... hope that was everything now?!
moimoi
 
Posts: 33
Registered: 06.06.2006, 11:56

Post by Nikita on 07.06.2006, 17:25

copy into the Avenger
registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{196B9CB5-4C83-46F7-9B06-9672ECD9D99B}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\winm64.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\winm64.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winm64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\winm64.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\winm64.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winm64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winm64.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\winm64.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\winm32.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\winm32.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winm32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\winm32.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\winm32.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winm32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winm32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\winm32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm32

Files to delete:
C:\WINDOWS\system32\ps.a3d
C:\WINDOWS\system32\klogini.dll

click the green traffic light, restart the PC -> post the Avenger log

**
fix with HijackThis:
O4 - HKLM\..\Run: [clcbt.exe] C:\WINDOWS\System32\clcbt.exe
O20 - Winlogon Notify: winm32 - winm32.dll (file missing)


restart the PC

scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by moimoi on 07.06.2006, 18:08

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vqaibpcl

*******************

Script file located at: \??\C:\daycxjta.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\winm64.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\winm64.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winm64 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\winm64.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\winm64.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winm64 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winm64.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winm64.sys failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winm64.sys
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\winm64.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\winm64.sys failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\winm64.sys
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm64 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm64 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm64
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\winm32.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\winm32.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winm32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\winm32.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\winm32.sys deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winm32 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winm32.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winm32.sys failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winm32.sys
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\winm32.sys not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\winm32.sys failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\winm32.sys
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm32 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm32 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm32
Status: 0xc0000034

File C:\WINDOWS\system32\ps.a3d deleted successfully.
File C:\WINDOWS\system32\klogini.dll deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{196B9CB5-4C83-46F7-9B06-9672ECD9D99B} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{196B9CB5-4C83-46F7-9B06-9672ECD9D99B} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
moimoi
 
Posts: 33
Registered: 06.06.2006, 11:56

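As an added example (not part of the thread and not code from The Avenger), a small Python parser for a log in the format posted above: it maps each script entry to deleted / already absent / failed and decodes status 0xc0000034 as STATUS_OBJECT_NAME_NOT_FOUND, which is what the CurrentControlSet entries return here because CurrentControlSet is only a link to one of the ControlSet00N keys deleted just before. The LockedKey entry and its 0xc0000022 status in the sample are constructed to show a genuine failure.

```python
import re
# NTSTATUS values The Avenger prints after a failed line (Windows-defined;
# only the two exercised by the sample are listed).
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
            0xC0000022: "STATUS_ACCESS_DENIED"}
DELETED = re.compile(r"^(Registry key|File) (.+?) deleted successfully\.$")
FAILED = re.compile(r"^Deletion of (registry key|file) (.+?) failed!$")
STATUS = re.compile(r"^Status: 0x([0-9a-fA-F]{8})$")

def parse_avenger_log(text):
    """Map each target to 'deleted', 'already absent' or 'failed (0x..., NAME)'."""
    results, pending = {}, None  # pending: target awaiting its 'Status:' line
    for line in text.splitlines():
        line = line.strip()
        if m := DELETED.match(line):
            results[m.group(2)] = "deleted"
        elif m := FAILED.match(line):
            pending = m.group(2)
            results[pending] = "failed (no status reported)"
        elif (m := STATUS.match(line)) and pending:
            code = int(m.group(1), 16)
            if code == 0xC0000034:
                # Expected for CurrentControlSet entries listed after their
                # ControlSet00N twin: CurrentControlSet is only a link to one
                # of those sets, so the key is already gone by then.
                results[pending] = "already absent"
            else:
                name = NTSTATUS.get(code, "unknown NTSTATUS")
                results[pending] = "failed (0x%08x, %s)" % (code, name)
            pending = None
    return results

def needs_attention(results):
    """Targets neither deleted nor already absent: these still need a manual look."""
    return sorted(t for t, o in results.items() if o.startswith("failed"))

# Constructed sample in the log format shown above (not copied from the thread;
# the LockedKey entry is made up to exercise the genuine-failure path).
SAMPLE = r"""
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winm32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm32 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm32 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winm32
Status: 0xc0000034
File C:\WINDOWS\system32\ps.a3d deleted successfully.
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Example\LockedKey failed!
Status: 0xc0000022
"""
```

Running `parse_avenger_log(SAMPLE)` on the sample yields one deleted key, one deleted file, one key already absent, and `needs_attention` lists only the constructed LockedKey entry.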