Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hrlikayx

*******************

Script file located at: \??\C:\chnbcsoq.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\0,6068231 deleted successfully.
File C:\WINDOWS\system32\8,190554E-02 deleted successfully.
File C:\WINDOWS\system32\0,6221125 deleted successfully.
File C:\WINDOWS\system32\0,413067 deleted successfully.
File C:\WINDOWS\system32\0,3932611 deleted successfully.
File C:\WINDOWS\system32\0,3372309 deleted successfully.
File C:\WINDOWS\system32\0,7726099 deleted successfully.
File C:\WINDOWS\system32\0,7827112 deleted successfully.
File C:\WINDOWS\system32\0,8372003 deleted successfully.
File C:\WINDOWS\system32\0,9844019 deleted successfully.
File C:\WINDOWS\system32\0,3246576 deleted successfully.
File C:\WINDOWS\system32\0,7314417 deleted successfully.
File C:\WINDOWS\system32\0,2386591 deleted successfully.
File C:\WINDOWS\system32\0,3665735 deleted successfully.
File C:\WINDOWS\system32\0,5948755 deleted successfully.
File C:\WINDOWS\system32\0,5546686 deleted successfully.
File C:\WINDOWS\system32\6,792849E-02 deleted successfully.
File C:\WINDOWS\system32\0,8536035 deleted successfully.
File C:\WINDOWS\system32\0,7392237 deleted successfully.
File C:\WINDOWS\system32\0,2825434 deleted successfully.
File C:\WINDOWS\system32\0,2250025 deleted successfully.
File C:\WINDOWS\system32\0,4311945 deleted successfully.
File C:\WINDOWS\system32\0,1891291 deleted successfully.
File C:\WINDOWS\system32\0,4488794 deleted successfully.
File C:\WINDOWS\system32\0,6299097 deleted successfully.
File C:\WINDOWS\system32\0,9038355 deleted successfully.
File C:\WINDOWS\system32\0,4978907 deleted successfully.
File C:\WINDOWS\system32\0,6063806 deleted successfully.
File C:\WINDOWS\system32\0,9748957 deleted successfully.
File C:\WINDOWS\system32\2,680606E-02 deleted successfully.
File C:\WINDOWS\system32\0,96896 deleted successfully.
File C:\WINDOWS\system32\0,5936853 deleted successfully.
File C:\WINDOWS\system32\0,1240045 deleted successfully.
File C:\WINDOWS\system32\0,8214838 deleted successfully.
File C:\WINDOWS\system32\0,3176844 deleted successfully.
File C:\WINDOWS\system32\0,341305 deleted successfully.
File C:\WINDOWS\system32\5,929202E-02 deleted successfully.
File C:\WINDOWS\system32\0,9006464 deleted successfully.
File C:\WINDOWS\system32\0,27232 deleted successfully.
File C:\WINDOWS\system32\2,895534E-03 deleted successfully.
File C:\WINDOWS\system32\0,9213373 deleted successfully.
File C:\WINDOWS\system32\0,8389093 deleted successfully.
File C:\WINDOWS\system32\0,6966211 deleted successfully.
File C:\WINDOWS\system32\0,6313745 deleted successfully.
File C:\WINDOWS\system32\0,2938196 deleted successfully.
File C:\WINDOWS\system32\0,5230524 deleted successfully.
File C:\WINDOWS\system32\0,4228327 deleted successfully.
File C:\WINDOWS\system32\0,1506311 deleted successfully.
File C:\WINDOWS\system32\0,3887903 deleted successfully.
File C:\WINDOWS\system32\0,4297602 deleted successfully.
File C:\WINDOWS\system32\0,2921411 deleted successfully.
File C:\WINDOWS\system32\1,032656E-02 deleted successfully.
File C:\WINDOWS\system32\0,4621698 deleted successfully.
File C:\WINDOWS\system32\winlogon.ini deleted successfully.
File C:\WINDOWS\system32\scngcf.dat deleted successfully.
File C:\WINDOWS\system32\lud.dat deleted successfully.
File C:\WINDOWS\system32\0,1293604 deleted successfully.
File C:\WINDOWS\system32\lrf.dat deleted successfully.
File C:\WINDOWS\system32\drnecdoy.exe deleted successfully.
File C:\WINDOWS\system32\pujqfgoz.exe deleted successfully.
File C:\WINDOWS\system32\phqghume.exe deleted successfully.
File C:\WINDOWS\system32\winsub.xml deleted successfully.
File C:\WINDOWS\system32\svcp.csv deleted successfully.
File C:\WINDOWS\system32\internetoloper.exe deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\respondmiter not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\respondmiter failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\transponder not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\transponder failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\software\tps108 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\software\tps108 failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.


Directory of C:\WINDOWS\system32

13.06.2006 10:03 8.192 Thumbs.db
11.06.2006 20:46 1.158 wpa.dbl
04.05.2006 06:26 5.818.784 MRT.exe
29.04.2006 13:14 7.006 jupdate-1.5.0_06-b05.log
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
27.03.2006 00:45 16.832 amcompat.tlb
27.03.2006 00:45 23.392 nscompat.tlb
26.03.2006 15:25 1.398 mapisvc.inf
26.03.2006 13:49 251.088 FNTCACHE.DAT
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 15:57 49.570 perfc007.dat
18.03.2006 15:57 314.842 perfh009.dat
18.03.2006 15:57 41.170 perfc009.dat
18.03.2006 15:57 320.668 perfh007.dat
18.03.2006 15:57 732.166 PerfStringBackup.INI
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
10.03.2006 06:09 5.533.696 wmp.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 152.064 cdfview.dll
04.03.2006 05:34 1.022.976 browseui.dll
01.03.2006 21:43 66.560 mtxclu.dll
01.03.2006 21:43 426.496 msdtcprx.dll
01.03.2006 21:43 161.280 msdtcuiu.dll
01.03.2006 21:43 91.136 mtxoci.dll
01.03.2006 21:43 956.416 msdtctm.dll
01.03.2006 21:43 11.776 xolehlp.dll
20.01.2006 16:32 1.560.576 DesasterGames.dll
18.01.2006 13:05 57.344 avsda.dll
04.01.2006 04:35 68.096 webclnt.dll

Directory of C:\DOKUME~1\HannesH\LOKALE~1\Temp

13.06.2006 23:26 1.048.576 RootRepStream_2C416
13.06.2006 23:22 3.076 RTEGPRS.rlg
13.06.2006 23:12 412 jusched.log
13.06.2006 23:06 1.980 3.tmp
13.06.2006 22:03 1.980 8.tmp
13.06.2006 22:03 2.768.896 ~DF60AF.tmp
13.06.2006 22:00 1.980 2.tmp
13.06.2006 20:45 1.980 7.tmp
13.06.2006 20:20 1.980 1.tmp
30.01.2006 02:23 28.672 4.tmp
30.01.2006 02:23 28.672 6.tmp
30.01.2006 02:23 28.672 5.tmp
30.01.2006 02:23 28.672 B.tmp
13 File(s) 3.945.548 bytes
0 Dir(s) 10.254.811.136 bytes free

Directory of C:\WINDOWS

13.06.2006 23:24 159 wiadebug.log
13.06.2006 23:24 0 0.log
13.06.2006 23:24 2.048 bootstat.dat
13.06.2006 23:22 2.057.842 WindowsUpdate.log
13.06.2006 23:22 50 wiaservc.log
13.06.2006 23:22 32.544 SchedLgU.Txt
13.06.2006 20:11 216.089 setupact.log
13.06.2006 20:10 281.410 ntbtlog.txt
10.06.2006 01:50 119.808 Thumbs.db
01.06.2006 18:01 65.729 wmsetup.log
23.05.2006 22:41 57.608 setupapi.log
10.05.2006 14:55 506.288 FaxSetup.log
10.05.2006 14:55 262.395 ocgen.log
10.05.2006 14:55 24.726 ocmsn.log
10.05.2006 14:55 12.508 KB913580.log
10.05.2006 14:55 25.788 msgsocm.log
10.05.2006 14:55 201.197 tsoc.log
10.05.2006 14:55 108.453 ntdtcsetup.log
10.05.2006 14:55 180.181 comsetup.log
10.05.2006 14:55 1.374 imsins.log
10.05.2006 14:55 80.361 iis6.log
10.05.2006 14:55 17.392 updspapi.log
08.05.2006 17:16 54.156 QTFont.qfn
27.04.2006 15:40 1.374 imsins.BAK
27.04.2006 15:40 11.188 KB900485.log
16.04.2006 17:43 31.599 spupdsvc.log
16.04.2006 02:24 15.038 KB908531.log
16.04.2006 02:24 14.226 KB911562.log
16.04.2006 02:23 16.280 KB912812.log
16.04.2006 02:23 29.208 KB911565.log
16.04.2006 02:22 10.645 KB911567.log
02.04.2006 12:23 26 buffygame.INI
27.03.2006 01:02 364.496 Directx.log
27.03.2006 00:48 378 wmsetup10.log
27.03.2006 00:45 1.064.364 setupapi.log.1.old
27.03.2006 00:45 316.640 WMSysPr9.prx
27.03.2006 00:37 647 win.ini
26.03.2006 22:31 1.409 QTFont.for
26.03.2006 15:39 3.896 ModemLog_Mobile 115200.txt
26.03.2006 15:38 3.998 ModemLog_SENS LT56ADW Modem.txt
23.03.2006 01:12 2.909 mozver.dat
23.03.2006 01:03 0 nsreg.dat
23.03.2006 00:58 838 Active Setup Log.txt
18.03.2006 15:52 30.501 KB899587.log
18.03.2006 15:52 29.622 KB896422.log
18.03.2006 15:52 29.215 KB885250.log
18.03.2006 15:52 29.658 KB911927.log
18.03.2006 15:51 29.150 KB901017.log
18.03.2006 15:51 29.473 KB899591.log
18.03.2006 15:51 29.665 KB896424.log
18.03.2006 15:51 29.590 KB893756.log
18.03.2006 15:51 27.345 KB896423.log
18.03.2006 15:51 27.383 KB888113.log
18.03.2006 15:51 27.784 KB887742.log
18.03.2006 15:51 27.525 KB887472.log
18.03.2006 15:51 27.826 KB896358.log
18.03.2006 15:50 22.633 KB910437.log
18.03.2006 15:50 18.579 KB898458.log
18.03.2006 15:50 22.982 KB911564.log
18.03.2006 15:50 30.171 KB905915.log
18.03.2006 15:49 23.761 KB891781.log
18.03.2006 15:49 28.998 KB902400.log
18.03.2006 15:49 20.938 KB890046.log
18.03.2006 15:49 20.672 KB905414.log
18.03.2006 15:49 19.916 KB901214.log
18.03.2006 15:49 18.487 KB888302.log
18.03.2006 15:49 22.284 KB900725.log
18.03.2006 15:48 17.523 KB912919.log
18.03.2006 15:48 16.711 KB904706.log
18.03.2006 15:48 19.603 KB905749.log
18.03.2006 15:48 18.401 KB896428.log
18.03.2006 15:47 16.940 KB894391.log
18.03.2006 15:46 14.717 KB908519.log
18.03.2006 15:46 10.886 KB913446.log
18.03.2006 15:46 16.858 KB890859.log
18.03.2006 14:48 12.633 KB893803v2.log
18.03.2006 14:48 10.150 KB898461.log
18.03.2006 12:59 10 smdat32m.sys
17.03.2006 20:37 0 smdat32a.sys
16.03.2006 11:13 618 ULEAD32.INI

Directory of C:\

13.06.2006 23:28 0 sys.txt
13.06.2006 23:28 10.985 system.txt
13.06.2006 23:27 836 systemtemp.txt
13.06.2006 23:26 99.120 system32.txt
13.06.2006 23:24 535.875.584 hiberfil.sys
13.06.2006 23:24 9.434 avenger.txt
13.06.2006 23:24 805.306.368 pagefile.sys
13.06.2006 20:11 3.449 rapport2.txt
13.06.2006 20:11 3.449 rapport.txt
13.06.2006 11:08 1.089 prefetch.txt
13.06.2006 11:08 486 Dsystemp.txt
13.06.2006 11:06 102.431 DSYS32.txt
13.06.2006 11:06 7.258 OW.txt
13.06.2006 11:06 13.575 DW.txt
13.06.2006 11:06 3.410 OP.txt
13.06.2006 11:05 114 DP.txt
13.06.2006 11:05 1.104 OC.txt
13.06.2006 11:04 1.392 DC.txt
27.03.2006 12:22 3.811 ads_err.dbf
19.03.2006 14:50 28 console.log


Logfile of HijackThis v1.99.1
Scan saved at 23:30:00, on 13.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\SmartCom\RTEGPRS.exe
C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\WINDOWS\twain_32\C6U14K\WATCH.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOKUME~1\HannesH\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RTEGPRS] "C:\Programme\Gemeinsame Dateien\SmartCom\RTEGPRS.exe" tray
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik/slgwebinstall.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
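An added triage script for logs like the ones in this post (example code, not part of the post and not code from The Avenger or HijackThis). It parses a few lines copied from the Avenger and HijackThis output above, plus one O4 line constructed to show the autorun check firing, and applies the checks a helper would otherwise do by eye: system32 file names that are decimal-comma floats such as 0,6068231 or 8,190554E-02 (a random number formatted under a German locale), eight-lowercase-letter executables such as drnecdoy.exe, HijackThis entries whose file is reported "(file missing)", and an O18 text/html filter, which sits in the path of every HTML page Internet Explorer renders. The two naming-pattern regexes are this example's own heuristics, and the script reads Avenger's status 0xC0000034 as STATUS_OBJECT_NAME_NOT_FOUND: the key was already absent, so those three "failed" registry deletions are nothing to chase.

```python
import re

# Added triage example, not code from the forum post, The Avenger or
# HijackThis. Sample lines below are copied from the post's logs, except the
# O4 "drnecdoy" line, which is constructed to show the autorun check fire.

# Decimal-comma float names such as "0,6068231" or "8,190554E-02" (heuristic).
FLOAT_NAME_RE = re.compile(r"^\d+,\d+(?:E[-+]\d+)?$")
# Eight lowercase letters plus .exe (drnecdoy.exe, pujqfgoz.exe, phqghume.exe).
# Deliberately case-sensitive so AGRSMMSG.exe or CalCheck.exe do not match.
RANDOM_EXE_RE = re.compile(r"^[a-z]{8}\.exe$")

AVENGER_FILE_RE = re.compile(r"^File (.+?) deleted successfully\.$")
AVENGER_STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")
HJT_RE = re.compile(r"^(O\d+) - (.*)$")

# NTSTATUS Avenger reports when the registry key it was told to delete did
# not exist; the "failed" deletion is then benign.
STATUS_OBJECT_NAME_NOT_FOUND = "0xc0000034"


def classify_name(path):
    """Label a path from an Avenger 'File ... deleted' line by its file name."""
    name = path.rsplit("\\", 1)[-1]
    if FLOAT_NAME_RE.match(name):
        return "float-name"
    if RANDOM_EXE_RE.match(name):
        return "random-exe"
    return "other"


def summarize_avenger(lines):
    """Count deleted files per naming pattern and benign 'not found' failures."""
    counts = {"float-name": 0, "random-exe": 0, "other": 0}
    not_found = 0
    for line in lines:
        line = line.strip()
        m = AVENGER_FILE_RE.match(line)
        if m:
            counts[classify_name(m.group(1))] += 1
            continue
        m = AVENGER_STATUS_RE.match(line)
        if m and m.group(1).lower() == STATUS_OBJECT_NAME_NOT_FOUND:
            not_found += 1
    return counts, not_found


def triage_hjt(lines):
    """Return (section, reason, entry) for HijackThis entries worth a second look."""
    findings = []
    for line in lines:
        m = HJT_RE.match(line.strip())
        if not m:
            continue  # header lines, "Running processes" paths, blanks
        section, entry = m.groups()
        if "(file missing)" in entry:
            findings.append((section, "registered component whose file is gone", entry))
        if section == "O18" and entry.startswith("Filter: text/html"):
            findings.append((section, "text/html filter sees every page IE renders", entry))
        if section == "O4":
            # Pull every *.exe token out of the autorun command line.
            for exe in re.findall(r"[\w.~-]+\.exe", entry, re.I):
                if RANDOM_EXE_RE.match(exe):
                    findings.append((section, "autorun of random-looking executable", entry))
    return findings


AVENGER_SAMPLE = r"""
File C:\WINDOWS\system32\0,6068231 deleted successfully.
File C:\WINDOWS\system32\8,190554E-02 deleted successfully.
File C:\WINDOWS\system32\2,895534E-03 deleted successfully.
File C:\WINDOWS\system32\winlogon.ini deleted successfully.
File C:\WINDOWS\system32\drnecdoy.exe deleted successfully.
File C:\WINDOWS\system32\pujqfgoz.exe deleted successfully.
File C:\WINDOWS\system32\internetoloper.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\transponder not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\transponder failed!
Status: 0xc0000034
""".strip().splitlines()

HJT_SAMPLE = r"""
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [drnecdoy] C:\WINDOWS\system32\drnecdoy.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
""".strip().splitlines()

if __name__ == "__main__":
    counts, not_found = summarize_avenger(AVENGER_SAMPLE)
    print("deleted by pattern:", counts, "| benign key-not-found failures:", not_found)
    for section, reason, entry in triage_hjt(HJT_SAMPLE):
        print(f"{section}: {reason}\n    {entry}")
```

Run it on a full log by replacing the two sample lists with the file contents split into lines; the O4 check stays narrow on purpose, since a case-insensitive match would also flag legitimate eight-letter names like AGRSMMSG.exe.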