Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\DateTime4]
"wdrn"=dword:00000001

CleanUp:
Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 259.0 KB of disk space from 14 files.
CleanUp! finished on 02/28/07 16:23:39.

--------------------------------------------

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 3813-95F6

Verzeichnis von C:\WINDOWS\system32

28.02.2007 16:23 28.996 nvapps.xml
28.02.2007 16:23 2.206 wpa.dbl
28.02.2007 16:16 508.379 ikhcore.log
23.02.2007 12:14 9.799 jupdate-1.5.0_11-b03.log
22.02.2007 04:29 397.960 perfh009.dat
22.02.2007 04:29 58.840 perfc009.dat
22.02.2007 04:29 412.746 perfh007.dat
22.02.2007 04:29 70.878 perfc007.dat
22.02.2007 04:29 949.140 PerfStringBackup.INI
20.02.2007 23:41 6.920 ban_list.txt
17.02.2007 23:07 24.377 wintems.exe.bd.ren
17.02.2007 20:52 122.142 TZLog.log
17.02.2007 20:32 1.750.016 AXWebchecker16Proj1.ocx
07.02.2007 14:01 12.293.536 MRT.exe
29.01.2007 09:58 60.416 tzchange.exe
28.01.2007 23:37 106.496 CNOServerLauncher.exe
23.01.2007 20:30 546.304 hhctrl.ocx
12.01.2007 09:27 232.960 webcheck.dll
12.01.2007 09:27 670.720 mstime.dll
12.01.2007 09:27 51.712 msfeedsbs.dll
12.01.2007 09:27 132.608 extmgr.dll
12.01.2007 09:27 477.696 mshtmled.dll
12.01.2007 09:27 3.580.416 mshtml.dll
12.01.2007 09:27 822.784 wininet.dll
12.01.2007 09:27 6.054.400 ieframe.dll
12.01.2007 09:27 1.149.952 urlmon.dll
12.01.2007 09:27 458.752 msfeeds.dll
12.01.2007 09:27 27.136 jsproxy.dll
12.01.2007 03:36 9.074 jupdate-1.5.0_10-b03.log
10.01.2007 17:42 1.040.384 ieframe.dll.mui
08.01.2007 19:04 105.984 url.dll
08.01.2007 19:04 102.400 occache.dll
08.01.2007 19:03 193.024 msrating.dll
08.01.2007 19:02 1.823.744 inetcpl.cpl
08.01.2007 19:02 266.752 iertutil.dll
08.01.2007 19:02 44.544 iernonce.dll
08.01.2007 19:02 153.088 ieakeng.dll
08.01.2007 19:02 230.400 ieaksie.dll
08.01.2007 19:02 384.000 iedkcs32.dll
08.01.2007 19:02 383.488 ieapfltr.dll
08.01.2007 19:02 161.792 ieakui.dll
08.01.2007 19:01 17.408 corpol.dll
08.01.2007 19:00 124.928 advpack.dll
08.01.2007 18:08 56.832 ie4uinit.exe
08.01.2007 18:08 13.824 ieudinit.exe
19.12.2006 22:49 135.168 shsvcs.dll
19.12.2006 22:49 8.494.592 shell32.dll
19.12.2006 19:17 334.336 wiaservc.dll
15.12.2006 03:09 127.078 javaws.exe
15.12.2006 03:09 49.265 jpicpl32.cpl
15.12.2006 01:31 53.346 javaw.exe
15.12.2006 01:30 49.248 java.exe
14.12.2006 01:19 23.392 nscompat.tlb
14.12.2006 01:19 16.832 amcompat.tlb
06.12.2006 01:30 14 systeminfo.dll
27.11.2006 15:54 539.136 msftedit.dll
27.11.2006 15:54 433.152 riched20.dll
17.11.2006 18:53 12.288 advpack.dll.mui
08.11.2006 06:06 679.424 inetcomm.dll
07.11.2006 21:03 191.488 iepeers.dll
07.11.2006 21:03 156.160 msls31.dll
07.11.2006 21:03 180.736 ieui.dll
07.11.2006 21:03 413.696 vbscript.dll
07.11.2006 03:26 71.680 admparse.dll
07.11.2006 03:26 55.296 iesetup.dll
07.11.2006 03:26 92.672 inseng.dll
07.11.2006 03:24 56.483 ieuinit.inf
04.11.2006 14:14 1.245.696 msxml4.dll
03.11.2006 10:02 8.282.112 wmploc.dll
03.11.2006 09:56 99.840 wmpshell.dll
03.11.2006 09:55 275.968 wmerror.dll
03.11.2006 09:54 8.192 asferror.dll
02.11.2006 11:51 43.008 wpdshextres.dll
01.11.2006 20:17 927.504 mfc40u.dll

--------------------------------------------------

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 3813-95F6

Verzeichnis von C:\DOKUME~1\HAZE\LOKALE~1\Temp

------------------------------------------------

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 3813-95F6

Verzeichnis von C:\WINDOWS

28.02.2007 16:17 6.104 ModemLog_Bluetooth DUN Modem.txt
28.02.2007 16:17 6.098 ModemLog_Bluetooth Fax Modem.txt
28.02.2007 16:17 159 wiadebug.log
28.02.2007 16:17 50 wiaservc.log
28.02.2007 16:16 2.048 bootstat.dat
28.02.2007 03:49 32.102 SchedLgU.Txt
28.02.2007 02:17 0 Sti_Trace.log
27.02.2007 15:42 202 NeroDigital.ini
23.02.2007 14:20 26 NEOSETUP.INI
20.02.2007 12:26 227 system.ini
20.02.2007 12:26 845 win.ini
17.02.2007 22:31 0 nsreg.dat
28.01.2007 23:38 331.776 Setup1.exe
28.01.2007 23:38 74.752 ST6UNST.EXE
28.01.2007 23:37 225.280 7FE1B8E1908011d4B33000001A112984.exe
02.12.2006 18:32 49 lifeview.ini
28.10.2006 01:14 839 TeVeoLive.ini
14.10.2006 13:15 12.862 EPISMG00.SWB
09.10.2006 20:34 29.184 Thumbs.db

-------------------------------------------------

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 3813-95F6

Verzeichnis von C:\WINDOWS\Temp

-------------------------------------------------

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 3813-95F6

Verzeichnis von C:\WINDOWS\Downloaded Program Files

22.02.2007 06:00 0 ppv5exc.dat
13.09.2005 13:44 479 pestscanx.inf
30.06.2005 10:33 244 pestscan.ini

------------------------------------------------

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 3813-95F6

Verzeichnis von C:\

28.02.2007 16:30 0 sys.txt
28.02.2007 16:30 846 down.txt
28.02.2007 16:30 108 tmp.txt
28.02.2007 16:28 6.965 system.txt
28.02.2007 16:28 123 systemtemp.txt
28.02.2007 16:27 119.433 system32.txt
28.02.2007 16:16 1.073.270.784 hiberfil.sys
28.02.2007 16:16 805.306.368 pagefile.sys
28.02.2007 02:07 9.248 avenger.txt
24.02.2007 18:56 0 VO.log
24.02.2007 18:56 0 dxva.log
24.02.2007 12:39 23.017 _NavCClt.Log
24.02.2007 12:39 694 PMig01.Log
24.02.2007 12:38 17.776 PkgClnup.log
24.02.2007 12:34 694 PMig0.Log
20.02.2007 23:43 694 PMig.Log
20.02.2007 12:26 211 boot.ini
19.02.2007 16:10 259.478 CIMG2350.mp4
19.02.2007 11:06 1.140.716 CIMG2354.mp4
16.09.2006 17:04 8.552 files.txt
16.09.2006 16:54 12.978 c.txt
18.01.2006 23:06 65.393 iTrip.xml
23.03.2005 21:24 760.729 di-624+_bx_fw_v207.zip

---------------------------------------------------------

doesn't exist
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist
HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist
HKEY_CURRENT_USER\Software\Microsoft\OLE
doesn't exist
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile

-----------------------
-----------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnGroup"=hex(7):00
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"Description"="Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:0000273d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00
"SharedAutoDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:Remoteunterstützung"
"%ProgramFiles%\\Messenger\\msmsgs.exe"="%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%WinDir%\\system32\\fxsclnt.exe"="%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil"
"%ProgramFiles%\\Aon\\AonInternet\\AonStarter.exe"="%ProgramFiles%\\Aon\\AonInternet\\AonStarter.exe:*:enabled:AonInternet"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil"
"%ProgramFiles%\\Aon\\AonInternet\\AonStarter.exe"="%ProgramFiles%\\Aon\\AonInternet\\AonStarter.exe:*:enabled:AonInternet"
"D:\\Programs\\Internet\\eMule\\emule.exe"="D:\\Programs\\Internet\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\Shareaza\\Shareaza.exe"="C:\\Programme\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"D:\\Spiele\\Battlefield2\\BF2.exe"="D:\\Spiele\\Battlefield2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\\Dokumente und Einstellungen\\HAZE\\Eigene Dateien\\ICQ Lite\\249777944\\http-core-junky_302563328\\VoipBuster.exe"="C:\\Dokumente und Einstellungen\\HAZE\\Eigene Dateien\\ICQ Lite\\249777944\\http-core-junky_302563328\\VoipBuster.exe:*:Enabled:Client to make VoIP calls."
"D:\\Programs\\Webcam\\TeVeo VIDiO Suite\\Live\\TeVeoLive.exe"="D:\\Programs\\Webcam\\TeVeo VIDiO Suite\\Live\\TeVeoLive.exe:*:Enabled:TeVeoLive"
"C:\\Programme\\Java\\j2re1.4.2_06\\bin\\javaw.exe"="C:\\Programme\\Java\\j2re1.4.2_06\\bin\\javaw.exe:*:Enabled:javaw"
"D:\\Programs\\emule44bv16-webcache-rar\\emule.exe"="D:\\Programs\\emule44bv16-webcache-rar\\emule.exe:*:Enabled:eMule"
"D:\\Programs\\Azureus\\Azureus.exe"="D:\\Programs\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Dokumente und Einstellungen\\HAZE\\Lokale Einstellungen\\Temp\\WZSE0.TMP\\upgradeST.exe"="C:\\Dokumente und Einstellungen\\HAZE\\Lokale Einstellungen\\Temp\\WZSE0.TMP\\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard"
"C:\\Programme\\Alcatel\\SpeedTouch USB\\dragdiag.exe"="C:\\Programme\\Alcatel\\SpeedTouch USB\\dragdiag.exe:*:Enabled:SpeedTouch USB Diagnostics (PPP)"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"D:\\Spiele\\Carom3D\\update.exe"="D:\\Spiele\\Carom3D\\update.exe:*:Enabled:Last Update 2001/08/22"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Spiele\\Fifa 2005\\fifa2005.exe"="D:\\Spiele\\Fifa 2005\\fifa2005.exe:*:Disabled:fifa2005"
"C:\\Programme\\KONAMI\\Pro Evolution Soccer 4\\pes4.exe"="C:\\Programme\\KONAMI\\Pro Evolution Soccer 4\\pes4.exe:*:Disabled:pes4"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:Remoteunterstützung"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Programme\\EA SPORTS\\FIFA 07\\fifa07.exe"="C:\\Programme\\EA SPORTS\\FIFA 07\\fifa07.exe:*:Enabled:fifa07"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programme\\mIRC\\mirc.exe"="C:\\Programme\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Programme\\Warez\\Warez.exe"="C:\\Programme\\Warez\\Warez.exe:*:Disabled:Warez3"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"4661:TCP"="4661:TCP:*:Enabled:A"
"4662:TCP"="4662:TCP:*:Enabled:B"
"4665:TCP"="4665:TCP:*:Enabled:C"
"4672:TCP"="4672:TCP:*:Enabled:D"
"5739:UDP"="5739:UDP:*:Disabled:Soccer"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]
"AllowInboundRouterRequest"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
  33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
  4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\
  6f,77,73,65,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:7c,cf,ab,84,16,65,9e,49,a7,25,b4,05,56,1d,c0,8b
"AdjustedNullSessionPipes"=dword:00000001
"srvcomment"="test"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00
"OtherDomains"=hex(7):00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Nachrichtendienst"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
  00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
  00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
  00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
  00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
  00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:00000238
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
  50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:0a,38,b8,bf,35,3a,c8,81,e8,04,17,6d,d8,c7,6c,12,65,36,33,64,62,\
  36,32,65,00,00,00,00,c1,f7,00,00,18,ca,06,00,99,d0,b7,71,04,ca,06,00,10,00,\
  00,00,00,00,00,00,5a,aa,ba,58,7f,81,3d,e3,18,90,3a,e6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:b9,42,cc,26,27,9d,ac,0d,54

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:c7,cb,45,4f,50,0d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:15,f5,4c,cf,30,05,55,00,82,82,0f,96,6f,84,93,1d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:30,ff,2a,4a,d7,ae,c4,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

-----------------------------------------------------

avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\intqyhsc

*******************

Script file located at: \??\C:\Program Files\aqxwvyrn.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key \Registry\Machine\System\CurrentControlSet\Services\m_hook not found!
Unload of driver m_hook failed!
Could not process line:
m_hook
Status: 0xc0000034

Registry key \Registry\Machine\System\CurrentControlSet\Services\OMSCAN not found!
Unload of driver OMSCAN failed!
Could not process line:
OMSCAN
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_OMSCAN deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_OMSCAN deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_OMSCAN deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OMSCAN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OMSCAN failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OMSCAN
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OMSCAN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OMSCAN failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OMSCAN
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\OMSCAN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\OMSCAN failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\OMSCAN
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\OMSCAN deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OMSCAN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OMSCAN failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OMSCAN
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_M_HOOK failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_M_HOOK failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m_hook not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m_hook failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m_hook
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\m_hook not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\m_hook failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\m_hook
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\m_hook not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\m_hook failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\m_hook
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\m_hook failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034

File C:\temp\ole320 not found!
Deletion of file C:\temp\ole320 failed!
Could not process line:
C:\temp\ole320
Status: 0xc0000034

Could not open file c:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\hidires\m_hook.sys for deletion
Deletion of file c:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\hidires\m_hook.sys failed!
Could not process line:
c:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\hidires\m_hook.sys
Status: 0xc000003a

Could not open file c:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\HIDIRES\HIDR.EXE for deletion
Deletion of file c:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\HIDIRES\HIDR.EXE failed!
Could not process line:
c:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\HIDIRES\HIDR.EXE
Status: 0xc000003a

File C:\WINDOWS\7FE1B8E1908011d4B33000001A112984.exe deleted successfully.

File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File C:\WINDOWS\system32\ldr64.dll not found!
Deletion of file C:\WINDOWS\system32\ldr64.dll failed!
Could not process line:
C:\WINDOWS\system32\ldr64.dll
Status: 0xc0000034

File C:\WINDOWS\system32\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\hidr.exe failed!
Could not process line:
C:\WINDOWS\system32\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\winlogons.exe not found!
Deletion of file C:\WINDOWS\system32\winlogons.exe failed!
Could not process line:
C:\WINDOWS\system32\winlogons.exe
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\ban_list.txt deleted successfully.
Folder C:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\hidires not found!
Deletion of folder C:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\hidires failed!
Could not process line: C:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\hidires Status: 0xc0000034
Folder C:\Programme\Warez not found!
Deletion of folder C:\Programme\Warez failed!
Could not process line: C:\Programme\Warez Status: 0xc0000034
Folder C:\Casino deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

-------------------------------------------------

Sophos Anti-Virus
Version 4.15.0 [Win32/Intel]
Virus data version 4.15, March 2007
Includes detection for 224048 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com

System time 16:51:37, System date 28 February 2007

Command line qualifiers are: -f -remove -nc -nb --stop-scan

IDE directory is: C:\SDFix\IDE

Full Scanning

Password protected file C:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\Adobe\Acrobat\6.0\Messages\DEU\read0600win_DEUadbe0040a.pdf
Password protected file C:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\Adobe\Acrobat\6.0\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\Adobe\Acrobat\7.0\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Dokumente und Einstellungen\HAZE\Anwendungsdaten\Adobe\Acrobat\7.0\Messages\DEU\read0700win_DEUadbe0700.pdf
Password protected file C:\Dokumente und Einstellungen\HAZE\Desktop\Downloads\gutschein.pdf
Aborted checking C:\Dokumente und Einstellungen\HAZE\Desktop\Nicht verwendete Desktopverknüpfungen\test - appears to be a 'zip bomb'
Could not open C:\hiberfil.sys
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\RdrMsgDEU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\read0600win_ENUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf
>>> Virus 'Troj/RKProc-Fam' found in file C:\System Volume Information\_restore{424E059A-AF08-40A0-AA00-02D6FDD89AF5}\RP1925\A0126751.sys
Removal successful
>>> Virus 'Troj/RKProc-Fam' found in file C:\System Volume Information\_restore{424E059A-AF08-40A0-AA00-02D6FDD89AF5}\RP1925\A0126781.sys
Removal successful
>>> Virus 'Troj/RKProc-Fam' found in file C:\System Volume Information\_restore{424E059A-AF08-40A0-AA00-02D6FDD89AF5}\RP1926\A0126794.sys
Removal successful
>>> Virus 'Troj/RKProc-Fam' found in file C:\System Volume Information\_restore{424E059A-AF08-40A0-AA00-02D6FDD89AF5}\RP1927\A0126843.sys
Removal successful
Could not open C:\WINDOWS\system32\drivers\atapi.sys

3 boot sectors swept.
40261 files swept in 26 minutes and 47 seconds.
14 errors were encountered.
4 viruses were discovered.
4 files out of 40261 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933
11 encrypted files were not checked.
Ending Sophos Anti-Virus.