Problems with IE

#0
23.12.2006, 19:03
Member

Thread starter

Posts: 22
#16 Avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\akjetian

*******************

Script file located at: \??\C:\eoxfwdaq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\www.ppandora.com deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\www.ppandora.com deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\www.ppandora.com not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\www.ppandora.com failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\www.ppandora.com
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zhongguozhizao.3322.org deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ZHONGGUOZHIZAO.3322.ORG deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zhongguozhizao.3322.org not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zhongguozhizao.3322.org failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zhongguozhizao.3322.org
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZHONGGUOZHIZAO.3322.ORG deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Win32DHCPsvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WIN32DHCPSVC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Win32DHCPsvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32DHCPSVC deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32DHCPsvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32DHCPsvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32DHCPsvc
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WIN32DDS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Win32DDS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WIN32DDS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Win32DDS deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32DDS not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32DDS failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32DDS
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32DDS not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32DDS failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32DDS
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WEBCLIENTS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Webclients deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WEBCLIENTS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Webclients deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WEBCLIENTS not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WEBCLIENTS failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WEBCLIENTS
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Webclients not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Webclients failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Webclients
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VISIONSERVICE deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VisionService deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VISIONSERVICE deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VisionService deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VISIONSERVICE not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VISIONSERVICE failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VISIONSERVICE
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VisionService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VisionService failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VisionService
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SBSCPW deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sbscpw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SBSCPW deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sbscpw deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SBSCPW not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SBSCPW failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SBSCPW
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sbscpw not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sbscpw failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sbscpw
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PIGEONSERVER1.23 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PigeonServer1.23 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PIGEONSERVER1.23 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PigeonServer1.23 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PIGEONSERVER1.23 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PIGEONSERVER1.23 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PIGEONSERVER1.23
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PigeonServer1.23 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PigeonServer1.23 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PigeonServer1.23
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_COM+_MESSAGES\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COM+ Messages deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_COM+_MESSAGES\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\COM+ Messages deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COM+_MESSAGES\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COM+_MESSAGES\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COM+_MESSAGES\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COM+ Messages not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COM+ Messages failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COM+ Messages
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADIDOWN deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ADIDown deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ADIDOWN deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ADIDown deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADIDOWN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADIDOWN failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADIDOWN
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADIDown not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADIDown failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADIDown
Status: 0xc0000034

File C:\Dokumente und Einstellungen\info\Desktop\nsvc32.exe deleted successfully.
File c:\windows\svchost.exe deleted successfully.
File c:\windows\system32\rpcs.exe deleted successfully.


File c:\windows\system32\zhongguozhizao.3322.org.exe not found!
Deletion of file c:\windows\system32\zhongguozhizao.3322.org.exe failed!

Could not process line:
c:\windows\system32\zhongguozhizao.3322.org.exe
Status: 0xc0000034

File C:\WINDOWS\system32\norton.sys deleted successfully.
File C:\WINDOWS\system32\windhcp.ocx deleted successfully.
File C:\WINDOWS\system32\d3d1caps.SRG deleted successfully.
File C:\WINDOWS\system32\mprmsgse.axz deleted successfully.
File C:\WINDOWS\system32\yfBqE.exe deleted successfully.
File C:\WINDOWS\system32\windhcp.dll deleted successfully.
File C:\WINDOWS\system32\WCapz.exe deleted successfully.
File C:\WINDOWS\system32\WkhXJ.exe deleted successfully.
File C:\WINDOWS\system32\UostF.exe deleted successfully.
File C:\WINDOWS\system32\TnIYr.exe deleted successfully.
File C:\WINDOWS\system32\UAaAU.exe deleted successfully.
File C:\WINDOWS\system32\NuMlJ.exe deleted successfully.
File C:\WINDOWS\system32\QTcPL.exe deleted successfully.
File C:\WINDOWS\system32\vivuD.exe deleted successfully.
File C:\WINDOWS\system32\KNPEX.exe deleted successfully.
File C:\WINDOWS\system32\TWRtl.exe deleted successfully.
File C:\WINDOWS\system32\viJpt.exe deleted successfully.
File C:\WINDOWS\system32\Deleteme.bat deleted successfully.
File C:\WINDOWS\system32\nsvc32.exe deleted successfully.
File C:\WINDOWS\system32\hVaDQ.exe deleted successfully.
File C:\WINDOWS\system32\ulAXDU.exe deleted successfully.
File C:\WINDOWS\system32\Xxmds.exe deleted successfully.
File C:\WINDOWS\system32\RIqMw.exe deleted successfully.
File C:\WINDOWS\system32\vUBDdl.exe deleted successfully.
File C:\WINDOWS\system32\KZTei.exe deleted successfully.
File C:\WINDOWS\system32\TqrVqB.exe deleted successfully.
File C:\WINDOWS\system32\wincab.sys deleted successfully.
File C:\WINDOWS\system32\jGwudB.exe deleted successfully.
File C:\WINDOWS\system32\oNckZ.exe deleted successfully.
File C:\WINDOWS\system32\xYUgau.exe deleted successfully.
File C:\WINDOWS\system32\QhptYx.exe deleted successfully.
File C:\WINDOWS\system32\dllhost32.dll deleted successfully.
File C:\WINDOWS\system32\qsjtddfjcnbaj.dll deleted successfully.
File C:\WINDOWS\system32\ldludivbofpoe.dll deleted successfully.
File C:\WINDOWS\system32\qctvbouriuogg.dll deleted successfully.
File C:\WINDOWS\system32\EgcKkg.exe deleted successfully.
File C:\WINDOWS\system32\hQxrjg.exe deleted successfully.
File C:\WINDOWS\system32\winsys16_061221.dll deleted successfully.
File C:\WINDOWS\bootstat.dat deleted successfully.


File C:\WINDOWS\mhldfsgjldsfjg.exe not found!
Deletion of file C:\WINDOWS\mhldfsgjldsfjg.exe failed!

Could not process line:
C:\WINDOWS\mhldfsgjldsfjg.exe
Status: 0xc0000034

File C:\WINDOWS\0.log deleted successfully.
File C:\WINDOWS\QQIP.exe deleted successfully.
File C:\WINDOWS\bplgwlji.txt deleted successfully.
File C:\WINDOWS\gz.exe deleted successfully.
File C:\WINDOWS\douhaowow.exe deleted successfully.
File C:\WINDOWS\kwl_t4.exe deleted successfully.
File C:\WINDOWS\ztcaizi10223.exe deleted successfully.
File C:\WINDOWS\Realplayones.exe deleted successfully.
File C:\WINDOWS\a.bat deleted successfully.
File C:\hhwimxtw.bat deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\RCX1B.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\VtdkACUC deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\sLeBZjGt deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\IJtggJdK deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\EbGwnbws deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\XNBQCiEC deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\KHgwicPP deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\dnWziDVE deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\oupZJqVa deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\dEIovHWa deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\wowexec.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\GsteLBtt deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\MediaSups.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
________________________________________________________________
DatFindBat:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\system32

23.12.2006 18:00 46.592 xpdhcp.dll
23.12.2006 17:58 65.536 cd212312dqs

11.12.2006 23:53 224.816 FNTCACHE.DAT
05.12.2006 09:42 2.206 wpa.dbl
04.11.2006 11:11 8.891 jupdate-1.5.0_09-b03.log
29.10.2006 09:12 311.740 perfh009.dat

-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\DOKUME~1\info\LOKALE~1\Temp

23.12.2006 19:02 0 WERC.tmp
23.12.2006 18:57 460 38$$.bat
23.12.2006 18:28 855 jusched.log

23.12.2006 18:20 110.457 jar_cache10076.tmp
23.12.2006 18:20 12.727 jar_cache10075.tmp
23.12.2006 18:20 3.494 jar_cache10074.tmp
23.12.2006 18:20 6.024 jar_cache10073.tmp
23.12.2006 18:20 1.826 jar_cache10072.tmp
23.12.2006 18:20 28.495 jar_cache10071.tmp
23.12.2006 18:20 26.985 jar_cache10070.tmp
23.12.2006 18:20 46.197 jar_cache10069.tmp
23.12.2006 18:19 0 WER4.tmp
23.12.2006 18:16 0 WER3.tmp
23.12.2006 18:06 0 69$$.Ico
23.12.2006 18:06 0 58$$.Ico
23.12.2006 18:05 0 15$$.Ico
23.12.2006 17:56 110.457 jar_cache9128.tmp
23.12.2006 17:56 12.727 jar_cache9127.tmp
23.12.2006 17:56 3.494 jar_cache9126.tmp
23.12.2006 17:56 6.024 jar_cache9125.tmp
23.12.2006 17:56 1.826 jar_cache9124.tmp
23.12.2006 17:56 28.495 jar_cache9123.tmp
23.12.2006 17:56 26.985 jar_cache9122.tmp
23.12.2006 17:56 46.197 jar_cache9121.tmp
23.12.2006 17:47 0 89$$.Ico
23.12.2006 17:11 0 16$$.Ico
23.12.2006 16:58 0 WER2.tmp
23.12.2006 16:55 16.384 Perflib_Perfdata_1ad4.dat
23.12.2006 16:46 0 24$$.Ico
23.12.2006 16:46 0 82$$.Ico
23.12.2006 16:46 0 14$$.Ico
23.12.2006 16:46 0 64$$.Ico
23.12.2006 16:46 0 1$$.Ico
23.12.2006 16:46 0 52$$.Ico
23.12.2006 16:45 0 55$$.Ico
23.12.2006 16:44 0 19$$.Ico
23.12.2006 16:44 0 33$$.Ico
23.12.2006 16:44 0 20$$.Ico
23.12.2006 16:40 0 41$$.Ico
23.12.2006 16:40 0 88$$.Ico
23.12.2006 16:40 0 54$$.Ico
23.12.2006 16:40 0 12$$.Ico
23.12.2006 16:40 0 3$$.Ico
23.12.2006 16:40 0 2$$.Ico
23.12.2006 16:40 0 79$$.Ico
23.12.2006 16:40 10 Desktop_.ini
23.12.2006 16:31 0 WER24.tmp
23.12.2006 16:21 0 WER1.tmp
23.12.2006 16:20 0 WER1A.tmp
23.12.2006 16:14 0 WER1B.tmp
23.12.2006 16:08 0 WER28.tmp
29.08.2002 02:43 24.064 Mhgx.dll

52 Datei(en) 514.183 Bytes
0 Verzeichnis(se), 4.083.634.176 Bytes frei
-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS

23.12.2006 19:02 0 0.log
23.12.2006 19:01 1.541.003 WindowsUpdate.log
23.12.2006 18:59 32.636 SchedLgU.Txt
23.12.2006 18:59 50 wiaservc.log
23.12.2006 18:59 157 wiadebug.log
23.12.2006 18:59 868.864 Serverqq.DLL
23.12.2006 18:58 13.897 cq.exe
23.12.2006 18:23 104.448 Serverqq_Hook.DLL
23.12.2006 18:22 42.316 ly.exe
23.12.2006 18:22 37.376 jh.exe
23.12.2006 18:22 81.201 361762.DLL
23.12.2006 18:18 65.536 361762M.BMP
23.12.2006 18:00 62.464 wl.exe
23.12.2006 17:59 57.856 zt.exe
23.12.2006 17:58 57.856 22.exe
22.12.2006 18:33 394.240 Serverqq.exe

22.12.2006 17:55 184.884 setupact.log
22.12.2006 13:49 449.376 setupapi.log
21.12.2006 20:28 116 NeroDigital.ini
21.12.2006 20:18 54.156 QTFont.qfn
20.12.2006 22:38 1.086 win.ini
20.12.2006 21:49 16 KB611311.log
15.12.2006 22:43 725 aolback.exe.lnk
15.12.2006 22:42 61.136 wmsetup.log
15.12.2006 22:33 4 msoffice.ini
28.11.2006 16:38 151 PhotoSnapViewer.INI
17.11.2006 17:20 1.409 QTFont.for
15.11.2006 13:58 0 muma2004.INI
14.10.2006 16:10 2.780 KB911567-OE6SP1-20060316.165634Uninst.log
14.10.2006 16:10 527.082 iis6.log
14.10.2006 16:10 154.539 comsetup.log
14.10.2006 16:10 21.841 tabletoc.log
14.10.2006 16:10 1.393 imsins.log

-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\Temp

23.12.2006 17:25 0 scs57.tmp
1 Datei(en) 0 Bytes
0 Verzeichnis(se), 4.083.634.176 Bytes frei
-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09.11.2006 14:36 5.019 swflash.inf
-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\

23.12.2006 19:05 0 sys.txt
23.12.2006 19:05 1.210 down.txt
23.12.2006 19:05 274 temp.txt
23.12.2006 19:04 274 tmp.txt
23.12.2006 19:04 6.942 windows.txt
23.12.2006 19:04 10.394 system.txt
23.12.2006 19:04 2.811 systemtemp.txt
23.12.2006 19:03 94.299 system32.txt
23.12.2006 19:02 12.996 test.log
23.12.2006 18:58 267.968.512 hiberfil.sys
23.12.2006 18:58 402.653.184 pagefile.sys
23.12.2006 18:58 28.824 avenger.txt
23.12.2006 16:21 1.131 c.txt
23.12.2006 15:09 6.023 delete please.txt
22.12.2006 15:16 22.288 der 2. rest.txt
22.12.2006 14:23 11.662 jmlxkapo.txt
21.12.2006 20:11 21.102 der rest.txt
21.12.2006 19:25 15.006 ComboFix.txt
21.12.2006 18:48 4.161 ComboFix2.txt
03.08.2006 22:01 0 CONFIG.SYS
--------------------------------------------------------------------------

there you go ;)
23.12.2006, 19:07
Honorary member
Sabina

Posts: 29434
#17 the log from ServiceFilter.zip once more
__________
Best regards, Sabina

all about PC security
23.12.2006, 19:09
Member

Thread starter

Posts: 22
#18 ah yes, exactly, I knew something was missing :p

Unknown Service # 5
Service Name: Process Launcher
Display Name: Process Launcher
Start Mode: Auto
Start Name: LocalSystem
Description: Process ...
Service Type: Own Process
Path: c:\windows\serverqq.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1067
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 6
Service Name: RpcS
Display Name: Remote Procedure Call System(RPCS)
Start Mode: Auto
Start Name: LocalSystem
Description: ¹ÜÀí²¢¿ØÖÆRPC·þÎñÊý¾Ý¿â¡£...
Service Type: Own Process
Path: c:\windows\system32\rpcs.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch



Unknown Service # 9
Service Name: WinDHCPsvc
Display Name: Windows DHCP Service
Start Mode: Auto
Start Name: LocalSystem
Description: ΪԶ³Ì¼ÆËã»ú×¢²á²¢¸üРIP ...
Service Type: Own Process
Path: c:\windows\system32\rundll32.exe windhcp.ocx,start
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 10
Service Name: WinXPDHCPsvc
Display Name: WinXP DHCP Service
Start Mode: Auto
Start Name: LocalSystem
Description: ΪԶ³Ì¼ÆËã»ú×¢²á²¢¸üРIP ...
Service Type: Own Process
Path: c:\windows\system32\rundll32.exe xpdhcp.dll,start
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 86 Win32 services on this machine.
10 were unrecognized.

Script Execution Time: 3,15625 seconds.
23.12.2006, 19:10
Honorary member
Sabina

Posts: 29434
#19 Avenger

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROCESS_LAUNCHER\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PROCESS_LAUNCHER\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Process Launcher
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Process Launcher
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Process Launcher
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROCESS_LAUNCHER\0000

Files to delete:
c:\windows\serverqq.exe
C:\WINDOWS\system32\xpdhcp.dll
C:\WINDOWS\system32\cd212312dqs
C:\WINDOWS\Serverqq.DLL
C:\WINDOWS\cq.exe
C:\WINDOWS\Serverqq_Hook.DLL
C:\WINDOWS\ly.exe
C:\WINDOWS\jh.exe
C:\WINDOWS\361762.DLL
C:\WINDOWS\361762M.BMP
C:\WINDOWS\wl.exe
C:\WINDOWS\zt.exe
C:\WINDOWS\22.exe
C:\WINDOWS\Serverqq.exe
«
the 6 logs from datfindbat once more
__________
Best regards, Sabina

all about PC security
23.12.2006, 19:10
Member

Thread starter

Posts: 22
#20 ^
^
^
^
^ is that for avenger now?
23.12.2006, 19:11
Honorary member
Sabina

Posts: 29434
#21 yes, it is not complete yet, but we are muddling our way through ;)
__________
Best regards, Sabina

all about PC security
23.12.2006, 19:15
Member

Thread starter

Posts: 22
#22 here is the avenger log for now

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vaaurvfo

*******************

Script file located at: \??\C:\WINDOWS\rikexyvp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROCESS_LAUNCHER\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PROCESS_LAUNCHER\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Process Launcher deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Process Launcher deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Process Launcher not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Process Launcher failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Process Launcher
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROCESS_LAUNCHER\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROCESS_LAUNCHER\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROCESS_LAUNCHER\0000
Status: 0xc0000034

File C:\WINDOWS\system32\xpdhcp.dll deleted successfully.
File C:\WINDOWS\system32\cd212312dqs deleted successfully.
File C:\WINDOWS\Serverqq.DLL deleted successfully.
File C:\WINDOWS\cq.exe deleted successfully.
File C:\WINDOWS\Serverqq_Hook.DLL deleted successfully.
File C:\WINDOWS\ly.exe deleted successfully.
File C:\WINDOWS\jh.exe deleted successfully.
File C:\WINDOWS\361762.DLL deleted successfully.
File C:\WINDOWS\361762M.BMP deleted successfully.
File C:\WINDOWS\wl.exe deleted successfully.
File C:\WINDOWS\zt.exe deleted successfully.
File C:\WINDOWS\22.exe deleted successfully.
File C:\WINDOWS\Serverqq.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



will be edited shortly for datfind...
23.12.2006, 19:15
Honorary member
Sabina

Posts: 29434
#23 copy into searchreg:

WinXPDHCPsvc

WinDHCPsvc

rpcs.exe

RpcS

__________
+
the 6 logs from datfindbat once more
__________
Best regards, Sabina

all about PC security
23.12.2006, 19:25
Member

Thread starter

Posts: 22
#24 WinXPDHCPsvc

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 23.12.2006 19:22:48 for strings:
; 'winxpdhcpsvc'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINXPDHCPSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINXPDHCPSVC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINXPDHCPSVC\0000]
"Service"="WinXPDHCPsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinXPDHCPsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinXPDHCPsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinXPDHCPsvc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinXPDHCPsvc\Enum]
"0"="Root\\LEGACY_WINXPDHCPSVC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINXPDHCPSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINXPDHCPSVC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINXPDHCPSVC\0000]
"Service"="WinXPDHCPsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinXPDHCPsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinXPDHCPsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINXPDHCPSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINXPDHCPSVC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINXPDHCPSVC\0000]
"Service"="WinXPDHCPsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinXPDHCPsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinXPDHCPsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinXPDHCPsvc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinXPDHCPsvc\Enum]
"0"="Root\\LEGACY_WINXPDHCPSVC\\0000"

; End Of The Log...


WinDHCPsvc
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 23.12.2006 19:25:10 for strings:
; 'windhcpsvc'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDHCPSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDHCPSVC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDHCPSVC\0000]
"Service"="WinDHCPsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDHCPsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDHCPsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDHCPsvc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDHCPsvc\Enum]
"0"="Root\\LEGACY_WINDHCPSVC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDHCPSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDHCPSVC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDHCPSVC\0000]
"Service"="WinDHCPsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinDHCPsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinDHCPsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDHCPSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDHCPSVC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDHCPSVC\0000]
"Service"="WinDHCPsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDHCPsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDHCPsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDHCPsvc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDHCPsvc\Enum]
"0"="Root\\LEGACY_WINDHCPSVC\\0000"

; End Of The Log...



rpcs.exe
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 23.12.2006 19:27:39 for strings:
; 'rpcs.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcS]
; Contents of value:
; c:\windows\system32\rpcs.exe
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,32,5c,\
52,70,63,53,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RpcS]
; Contents of value:
; c:\windows\system32\rpcs.exe
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,32,5c,\
52,70,63,53,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcS]
; Contents of value:
; c:\windows\system32\rpcs.exe
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,32,5c,\
52,70,63,53,2e,65,78,65,00

; End Of The Log...


RpcS
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 23.12.2006 19:30:00 for strings:
; 'rpcs'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCS\0000]
"Service"="RpcS"
"DeviceDesc"="Remote Procedure Call System(RPCS)"

-------------------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCSS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCSS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCSS\0000]
"Service"="RpcSs"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCSS\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCSS\0000\Control]
"ActiveService"="RpcSs"


[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"e"="C:\\Dokumente und Einstellungen\\info\\Desktop\\rpcs.txt"

[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt]
"h"="C:\\Dokumente und Einstellungen\\info\\Desktop\\rpcs.txt"

; End Of The Log...
______________________________________________________________
DatFindBat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\system32

23.12.2006 19:24 46.592 xpdhcp.dll
23.12.2006 19:23 41.984 windhcp.dll
23.12.2006 19:22 41.984 windhcp.ocx
23.12.2006 19:22 3.745 norton.sys


------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\DOKUME~1\info\LOKALE~1\Temp

23.12.2006 19:24 1.197 jusched.log
23.12.2006 19:22 0 WER10.tmp
23.12.2006 19:02 0 WERC.tmp
23.12.2006 18:57 460 38$$.bat
23.12.2006 18:20 110.457 jar_cache10076.tmp
23.12.2006 18:20 12.727 jar_cache10075.tmp
23.12.2006 18:20 3.494 jar_cache10074.tmp
23.12.2006 18:20 6.024 jar_cache10073.tmp
23.12.2006 18:20 1.826 jar_cache10072.tmp
23.12.2006 18:20 28.495 jar_cache10071.tmp
23.12.2006 18:20 26.985 jar_cache10070.tmp
23.12.2006 18:20 46.197 jar_cache10069.tmp
23.12.2006 18:19 0 WER4.tmp
23.12.2006 18:16 0 WER3.tmp
23.12.2006 18:06 0 69$$.Ico
23.12.2006 18:06 0 58$$.Ico
23.12.2006 18:05 0 15$$.Ico
23.12.2006 17:56 110.457 jar_cache9128.tmp
23.12.2006 17:56 12.727 jar_cache9127.tmp
23.12.2006 17:56 3.494 jar_cache9126.tmp
23.12.2006 17:56 6.024 jar_cache9125.tmp
23.12.2006 17:56 1.826 jar_cache9124.tmp
23.12.2006 17:56 28.495 jar_cache9123.tmp
23.12.2006 17:56 26.985 jar_cache9122.tmp
23.12.2006 17:56 46.197 jar_cache9121.tmp
23.12.2006 17:47 0 89$$.Ico
23.12.2006 17:11 0 16$$.Ico
23.12.2006 16:58 0 WER2.tmp
23.12.2006 16:55 16.384 Perflib_Perfdata_1ad4.dat
23.12.2006 16:46 0 24$$.Ico
23.12.2006 16:46 0 82$$.Ico
23.12.2006 16:46 0 14$$.Ico
23.12.2006 16:46 0 64$$.Ico
23.12.2006 16:46 0 1$$.Ico
23.12.2006 16:46 0 52$$.Ico
23.12.2006 16:45 0 55$$.Ico
23.12.2006 16:44 0 19$$.Ico
23.12.2006 16:44 0 33$$.Ico
23.12.2006 16:44 0 20$$.Ico
23.12.2006 16:40 0 41$$.Ico
23.12.2006 16:40 0 88$$.Ico
23.12.2006 16:40 0 54$$.Ico
23.12.2006 16:40 0 12$$.Ico
23.12.2006 16:40 0 3$$.Ico
23.12.2006 16:40 0 2$$.Ico
23.12.2006 16:40 0 79$$.Ico
23.12.2006 16:40 10 Desktop_.ini
23.12.2006 16:31 0 WER24.tmp
23.12.2006 16:21 0 WER1.tmp
23.12.2006 16:20 0 WER1A.tmp
23.12.2006 16:14 0 WER1B.tmp
23.12.2006 16:08 0 WER28.tmp
29.08.2002 02:43 24.064 Mhgx.dll
53 Datei(en) 514.525 Bytes
0 Verzeichnis(se), 4.083.032.064 Bytes frei
-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS

23.12.2006 19:24 62.464 wl.exe
23.12.2006 19:23 57.856 zt.exe
23.12.2006 19:22 57.856 22.exe
23.12.2006 19:21 65.536 361762M.BMP
23.12.2006 19:21 81.201 361762.DLL

23.12.2006 19:21 0 0.log
23.12.2006 19:20 1.561.889 WindowsUpdate.log
23.12.2006 19:19 32.636 SchedLgU.Txt
23.12.2006 19:19 50 wiaservc.log
23.12.2006 19:19 159 wiadebug.log
23.12.2006 19:15 10.240 Thumbs.db
23.12.2006 19:15 116 NeroDigital.ini
22.12.2006 17:55 184.884 setupact.log
22.12.2006 13:49 449.376 setupapi.log
21.12.2006 20:18 54.156 QTFont.qfn
20.12.2006 22:38 1.086 win.ini
20.12.2006 21:49 16 KB611311.log
15.12.2006 22:43 725 aolback.exe.lnk
15.12.2006 22:42 61.136 wmsetup.log

------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\Temp

23.12.2006 17:25 0 scs57.tmp
1 Datei(en) 0 Bytes
0 Verzeichnis(se), 4.082.962.432 Bytes frei
-----------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09.11.2006 14:36 5.019 swflash.inf
------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\

23.12.2006 19:34 0 sys.txt
23.12.2006 19:34 186 down.txt
23.12.2006 19:34 13.230 test.log
23.12.2006 19:34 274 temp.txt
23.12.2006 19:34 274 tmp.txt
23.12.2006 19:34 6.704 windows.txt
23.12.2006 19:33 10.154 system.txt
23.12.2006 19:33 2.858 systemtemp.txt
23.12.2006 19:33 1.016 system32.txt
23.12.2006 19:20 4.494 avenger.txt
23.12.2006 19:19 267.968.512 hiberfil.sys
23.12.2006 19:19 402.653.184 pagefile.sys
23.12.2006 19:11 1.081 c.txt
23.12.2006 15:09 6.023 delete please.txt
22.12.2006 15:16 22.288 der 2. rest.txt
22.12.2006 14:23 11.662 jmlxkapo.txt
21.12.2006 20:11 21.102 der rest.txt
21.12.2006 19:25 15.006 ComboFix.txt
21.12.2006 18:48 4.161 ComboFix2.txt
03.08.2006 22:01 0 CONFIG.SYS
_____________________________________________________________

My PC is now running faster and no longer crashes .. as an interim result ;)
This post was edited by awtss.dll on 23.12.2006 at 19:31.
23.12.2006, 19:39
Honorary member
Sabina

Posts: 29434
#25 Avenger

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINXPDHCPSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinXPDHCPsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINXPDHCPSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinXPDHCPsvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINXPDHCPSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinXPDHCPsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDHCPSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDHCPsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDHCPSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinDHCPsvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDHCPSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDHCPsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RpcS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCS

Files to delete:
C:\Dokumente und Einstellungen\info\Desktop\rpcs.txt
C:\WINDOWS\Temp\scs57.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WERC.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\38$$.bat
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10076.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10075.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10074.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10073.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10072.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10071.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10070.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10069.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER4.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER3.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\69$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\58$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\15$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9128.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9127.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9126.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9125.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9124.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9123.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9122.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9121.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\89$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\16$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER2.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\24$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\82$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\14$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\64$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\1$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\52$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\55$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\19$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\33$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\20$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\41$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\88$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\54$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\12$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\3$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\2$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\79$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER24.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER1.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER1A.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER1B.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER28.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\Mhgx.dll
C:\WINDOWS\wl.exe
C:\WINDOWS\zt.exe
C:\WINDOWS\22.exe
C:\WINDOWS\361762M.BMP
C:\WINDOWS\361762.DLL
C:\WINDOWS\system32\xpdhcp.dll
C:\WINDOWS\system32\windhcp.dll
C:\WINDOWS\system32\windhcp.ocx
C:\WINDOWS\system32\norton.sys

+
the 6 logs from datfindbat once more + the service log
__________
Best regards, Sabina

all about PC security
23.12.2006, 19:46
Member

Thread starter

Posts: 22
#26
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fslfsybr

*******************

Script file located at: \??\C:\nutbrgcq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINXPDHCPSVC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinXPDHCPsvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINXPDHCPSVC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinXPDHCPsvc deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINXPDHCPSVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINXPDHCPSVC failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINXPDHCPSVC
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinXPDHCPsvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinXPDHCPsvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinXPDHCPsvc
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDHCPSVC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDHCPsvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDHCPSVC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinDHCPsvc deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDHCPSVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDHCPSVC failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDHCPSVC
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDHCPsvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDHCPsvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDHCPsvc
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RpcS deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcS not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcS failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcS
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCS deleted successfully.
File C:\Dokumente und Einstellungen\info\Desktop\rpcs.txt deleted successfully.
File C:\WINDOWS\Temp\scs57.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WERC.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\38$$.bat deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10076.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10075.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10074.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10073.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10072.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10071.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10070.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache10069.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER4.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER3.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\69$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\58$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\15$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9128.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9127.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9126.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9125.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9124.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9123.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9122.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\jar_cache9121.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\89$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\16$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER2.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\24$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\82$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\14$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\64$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\1$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\52$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\55$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\19$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\33$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\20$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\41$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\88$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\54$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\12$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\3$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\2$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\79$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER24.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER1.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER1A.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER1B.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER28.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\Mhgx.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


datfind and servicefilter will be edited in shortly ;)
23.12.2006, 19:47
Honorary member
Sabina

Posts: 29434
#27 +
the 6 logs from datfindbat once more + the service log
__________
Best regards, Sabina

all about PC security
23.12.2006, 19:53
Member

Thread starter

Posts: 22
#28 ServiceFilter


The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 1
Dez 23, 2006 19:56:34


---> Begin Service Listing <---

Unknown Service # 1
Service Name: AntiVirScheduler
Display Name: AntiVir PersonalEdition Classic Planer
Start Mode: Auto
Start Name: LocalSystem
Description: Dienst zur Steuerung von AntiVir Prüfaufträgen und ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\sched.exe
State: Running
Process ID: 1696
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 2
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Guard
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet permanente Schutz vor Viren und Malware mit der AntiVir ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\avguard.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1067
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #3
Service Name: AOL ACS
Display Name: AOL Connectivity Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\progra~1\gemein~1\aol\acs\aolacsd.exe
State: Running
Process ID: 1736
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 4
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #5
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{9dec5113-b4aa-455c-b16f-939ea75a17f1}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 6
Service Name: usnsvc
Display Name: Messenger Sharing USN Journal Reader-Service
Start Mode: Manual
Start Name: LocalSystem
Description: Ein von Messenger installierter Service, der Freigabeszenarien ...
Service Type: Own Process
Path: c:\windows\system32\svchost.exe -k usnsvc
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 7
Service Name: Win32DHCPsvc
Display Name: Win32 DHCP Service
Start Mode: Auto
Start Name: LocalSystem
Description: ΪԶ³Ì¼ÆËã»ú×¢²á²¢¸üРIP ...
Service Type: Own Process
Path: c:\windows\system32\rundll32.exe windhcp.dll,start
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 8
Service Name: WinDHCPsvc
Display Name: Windows DHCP Service
Start Mode: Auto
Start Name: LocalSystem
Description: ΪԶ³Ì¼ÆËã»ú×¢²á²¢¸üРIP ...
Service Type: Own Process
Path: c:\windows\system32\rundll32.exe windhcp.ocx,start
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 9
Service Name: WinXPDHCPsvc
Display Name: WinXP DHCP Service
Start Mode: Auto
Start Name: LocalSystem
Description: ΪԶ³Ì¼ÆËã»ú×¢²á²¢¸üРIP ...
Service Type: Own Process
Path: c:\windows\system32\rundll32.exe xpdhcp.dll,start
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 85 Win32 services on this machine.
9 were unrecognized.

Script Execution Time: 3,078125 seconds.

______________________________________________________________
DatFindBat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\system32

23.12.2006 19:52 46.592 xpdhcp.dll
23.12.2006 19:51 41.984 windhcp.dll
23.12.2006 19:51 41.984 windhcp.ocx
23.12.2006 19:51 3.745 norton.sys
23.12.2006 19:21 65.536 cd212312dqs
11.12.2006 23:53 224.816 FNTCACHE.DAT
05.12.2006 09:42 2.206 wpa.dbl
04.11.2006 11:11 8.891 jupdate-1.5.0_09-b03.log
29.10.2006 09:12 311.740 perfh009.dat
29.10.2006 09:12 40.128 perfc009.dat
29.10.2006 09:12 316.924 perfh007.dat
29.10.2006 09:12 48.354 perfc007.dat
29.10.2006 09:12 723.744 PerfStringBackup.INI
12.10.2006 03:10 127.078 javaws.exe
12.10.2006 03:10 49.265 jpicpl32.cpl
12.10.2006 01:35 53.346 javaw.exe
12.10.2006 01:35 49.248 java.exe
04.10.2006 12:03 9.639.336 MRT.exe
21.08.2006 19:43 176.167 rmoc3260.dll
----------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\DOKUME~1\info\LOKALE~1\Temp

23.12.2006 19:47 460 99$$.bat
23.12.2006 19:34 0 84$$.Ico
23.12.2006 19:24 1.197 jusched.log
23.12.2006 19:22 0 WER10.tmp
23.12.2006 16:55 16.384 Perflib_Perfdata_1ad4.dat
23.12.2006 16:40 10 Desktop_.ini
29.08.2002 02:43 24.064 Mhgx.dll
7 Datei(en) 42.115 Bytes
0 Verzeichnis(se), 4.082.442.240 Bytes frei
------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS

23.12.2006 19:52 62.464 wl.exe
23.12.2006 19:51 57.856 zt.exe
23.12.2006 19:51 57.856 22.exe
23.12.2006 19:51 65.536 361762M.BMP
23.12.2006 19:51 81.201 361762.DLL
23.12.2006 19:50 32.636 SchedLgU.Txt
23.12.2006 19:50 0 0.log
23.12.2006 19:50 1.584.009 WindowsUpdate.log
23.12.2006 19:49 50 wiaservc.log
23.12.2006 19:49 159 wiadebug.log
23.12.2006 19:15 10.240 Thumbs.db
23.12.2006 19:15 116 NeroDigital.ini
22.12.2006 17:55 184.884 setupact.log
22.12.2006 13:49 449.376 setupapi.log
21.12.2006 20:18 54.156 QTFont.qfn
20.12.2006 22:38 1.086 win.ini
20.12.2006 21:49 16 KB611311.log
15.12.2006 22:43 725 aolback.exe.lnk
15.12.2006 22:42 61.136 wmsetup.log
15.12.2006 22:33 4 msoffice.ini
28.11.2006 16:38 151 PhotoSnapViewer.INI
17.11.2006 17:20 1.409 QTFont.for
15.11.2006 13:58 0 muma2004.INI
14.10.2006 16:10 2.780 KB911567-OE6SP1-20060316.165634Uninst.log
14.10.2006 16:10 527.082 iis6.log
14.10.2006 16:10 154.539 comsetup.log
14.10.2006 16:10 203.663 tsoc.log
14.10.2006 16:10 93.281 ntdtcsetup.log
14.10.2006 16:10 21.841 tabletoc.log
14.10.2006 16:10 1.393 imsins.log
14.10.2006 16:10 15.727 ocmsn.log
14.10.2006 16:10 75.542 netfxocm.log
14.10.2006 16:10 234.097 ocgen.log
14.10.2006 16:10 21.630 msgsocm.log
14.10.2006 16:10 425.025 FaxSetup.log
14.10.2006 16:10 143.568 msmqinst.log
14.10.2006 16:10 1.393 imsins.BAK
14.10.2006 16:10 4.842 KB891781Uninst.log
14.10.2006 16:09 4.491 KB890859Uninst.log
14.10.2006 16:09 39.102 updspapi.log
14.10.2006 16:08 2.411 KB893803v2Uninst.log
14.10.2006 16:01 4.364 KB888302Uninst.log
14.10.2006 16:00 3.340 KB835409Uninst.log
14.10.2006 16:00 3.355 KB892944Uninst.log
14.10.2006 15:49 48.622 KB842773Uninst.log
14.10.2006 15:49 48.787 KB918899-IE6SP1-20060725.123917Uninst.log
14.10.2006 15:48 44.710 KB923191Uninst.log
14.10.2006 15:47 43.109 KB920683Uninst.log
14.10.2006 15:47 40.623 KB920670Uninst.log
14.10.2006 15:47 40.109 KB919007Uninst.log
14.10.2006 15:47 39.033 KB917953Uninst.log
14.10.2006 15:46 37.892 KB917422Uninst.log
14.10.2006 15:46 36.449 KB917344Uninst.log
14.10.2006 15:46 35.864 KB914389Uninst.log
14.10.2006 15:46 32.120 KB914388Uninst.log
14.10.2006 15:45 27.327 KB913580Uninst.log
14.10.2006 15:44 24.195 KB912919Uninst.log
14.10.2006 15:44 22.820 KB908519Uninst.log
14.10.2006 15:43 21.226 KB905749Uninst.log
14.10.2006 15:43 19.497 KB905414Uninst.log
14.10.2006 15:42 18.534 KB904706Uninst.log
14.10.2006 15:42 18.766 KB902400Uninst.log
14.10.2006 15:41 12.170 KB901214Uninst.log
14.10.2006 15:41 10.664 KB899589Uninst.log
14.10.2006 15:41 9.986 KB900725Uninst.log
14.10.2006 15:40 8.345 KB896428Uninst.log
14.10.2006 15:40 6.299 KB890046Uninst.log
14.10.2006 15:39 6.191 KB898461Uninst.log
14.10.2006 15:39 4.480 KB908531Uninst.log
14.10.2006 15:37 164 wininit.ini
14.10.2006 11:08 2.266 mozver.dat
14.10.2006 11:01 20.147 KB902400.log
14.10.2006 10:59 37.512 KB920670.log
14.10.2006 10:58 36.981 KB891781.log
14.10.2006 10:58 2.064 vminst.log
14.10.2006 10:57 37.911 KB890046.log
14.10.2006 10:56 36.603 KB899589.log
14.10.2006 10:55 37.022 KB919007.log
14.10.2006 10:54 37.444 KB914388.log
14.10.2006 10:53 16.773 KB904706.log
14.10.2006 10:51 25.103 KB917344.log
14.10.2006 10:51 25.577 KB905414.log
14.10.2006 10:50 25.068 KB917953.log
14.10.2006 10:48 24.929 KB901214.log
14.10.2006 10:47 24.455 KB923191.log
14.10.2006 10:45 22.717 KB917422.log
14.10.2006 10:45 20.377 KB892944.log
14.10.2006 10:44 21.651 KB888302.log
14.10.2006 10:43 23.524 KB900725.log
14.10.2006 10:43 21.257 KB912919.log
14.10.2006 10:42 9.528 KB918899-IE6SP1-20060725.123917.log
14.10.2006 10:41 14.949 KB911567-OE6SP1-20060316.165634.log
13.10.2006 23:07 25.214 KB908531.log
13.10.2006 23:05 21.890 KB905749.log
13.10.2006 23:04 22.404 KB913580.log
13.10.2006 23:01 19.607 KB896428.log
13.10.2006 22:58 16.589 KB835409.log
13.10.2006 22:57 20.079 KB908519.log
13.10.2006 22:57 20.209 KB920683.log
13.10.2006 22:55 19.601 KB914389.log
13.10.2006 22:53 20.105 KB890859.log
13.10.2006 18:58 7.663 KB899587.log
13.10.2006 18:57 7.564 KB924191.log
13.10.2006 18:57 7.730 KB922819.log
13.10.2006 18:57 7.856 KB885835.log
13.10.2006 18:57 7.347 KB885836.log
13.10.2006 18:56 7.168 KB923414.log
13.10.2006 18:56 7.065 KB911927.log
13.10.2006 18:56 6.968 KB922616.log
13.10.2006 18:56 6.876 KB901017.log
13.10.2006 18:56 6.768 KB899591.log
13.10.2006 18:56 6.676 KB920685.log
13.10.2006 18:55 6.583 KB896424.log
13.10.2006 18:55 6.474 KB893756.log
13.10.2006 18:55 6.381 KB911280.log
13.10.2006 18:55 6.648 KB911562.log
13.10.2006 18:54 6.254 KB873339.log
13.10.2006 18:54 6.084 KB924496.log
13.10.2006 18:54 5.998 KB921398.log
13.10.2006 18:53 5.885 KB896358.log
13.10.2006 18:53 5.877 KB905495.log
13.10.2006 18:24 3.504 KB921883.log
13.10.2006 18:24 3.600 KB896423.log
13.10.2006 18:08 7.320 KB842773.log
13.10.2006 18:07 9.043 KB893803v2.log
13.10.2006 18:06 8.531 KB898461.log
27.08.2006 17:55 335 nsreg.dat
-----------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\Temp
-----------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09.11.2006 14:36 5.019 swflash.inf
-----------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\

23.12.2006 19:55 0 sys.txt
23.12.2006 19:55 186 down.txt
23.12.2006 19:54 13.698 test.log
23.12.2006 19:54 117 temp.txt
23.12.2006 19:54 117 tmp.txt
23.12.2006 19:54 6.700 windows.txt
23.12.2006 19:54 10.154 system.txt
23.12.2006 19:54 589 systemtemp.txt
23.12.2006 19:53 1.063 system32.txt
23.12.2006 19:49 267.968.512 hiberfil.sys
23.12.2006 19:49 402.653.184 pagefile.sys
23.12.2006 19:49 16.524 avenger.txt
23.12.2006 19:34 1.081 c.txt
23.12.2006 15:09 6.023 delete please.txt
22.12.2006 15:16 22.288 der 2. rest.txt
22.12.2006 14:23 11.662 jmlxkapo.txt
21.12.2006 20:11 21.102 der rest.txt
21.12.2006 19:25 15.006 ComboFix.txt
21.12.2006 18:48 4.161 ComboFix2.txt
03.08.2006 22:01 0 CONFIG.SYS
____________________________________________________________
23.12.2006, 20:23
Honorary member
Sabina

Posts: 29434
#29 Start --> Run --> paste in (if an error message appears... ignore it) --> click OK after each one

sc stop Win32DHCPsvc

sc delete Win32DHCPsvc

sc stop WinDHCPsvc

sc delete WinDHCPsvc

sc stop WinXPDHCPsvc

sc delete WinXPDHCPsvc

___________________

Quote

Files to delete:
C:\WINDOWS\wl.exe
C:\WINDOWS\zt.exe
C:\WINDOWS\22.exe
C:\WINDOWS\361762M.BMP
C:\WINDOWS\361762.DLL
C:\WINDOWS\system32\xpdhcp.dll
C:\WINDOWS\system32\windhcp.dll
C:\WINDOWS\system32\windhcp.ocx
C:\WINDOWS\system32\norton.sys
C:\WINDOWS\system32\cd212312dqs
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\99$$.bat
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\84$$.Ico
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER10.tmp
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\Desktop_.ini
C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\Mhgx.dll

+
post the 6 logs from datfindbat once more

---------

search with regsearch

Win32DHCPsvc

WinXPDHCPsvc

WinDHCPsvc

windhcp

xpdhcp

__________
Best regards, Sabina

all about PC security
23.12.2006, 20:30
Member

Thread starter

Posts: 22
#30 EDIT:

I think, because it says files to delete, Avenger, so here is the log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\eohlavdm

*******************

Script file located at: \??\C:\gnloflny.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\wl.exe deleted successfully.
File C:\WINDOWS\zt.exe deleted successfully.
File C:\WINDOWS\22.exe deleted successfully.
File C:\WINDOWS\361762M.BMP deleted successfully.
File C:\WINDOWS\361762.DLL deleted successfully.
File C:\WINDOWS\system32\xpdhcp.dll deleted successfully.
File C:\WINDOWS\system32\windhcp.dll deleted successfully.
File C:\WINDOWS\system32\windhcp.ocx deleted successfully.
File C:\WINDOWS\system32\norton.sys deleted successfully.


File C:\WINDOWS\system32\cd212312dqs not found!
Deletion of file C:\WINDOWS\system32\cd212312dqs failed!

Could not process line:
C:\WINDOWS\system32\cd212312dqs
Status: 0xc0000034

File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\99$$.bat deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\84$$.Ico deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\WER10.tmp deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\Desktop_.ini deleted successfully.
File C:\Dokumente und Einstellungen\info\Lokale Einstellungen\Temp\Mhgx.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

______________________________________________________________

DatFindBat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\system32

23.12.2006 20:09 98 d3d1caps.SRG
23.12.2006 20:02 32 mprmsgse.axz

11.12.2006 23:53 224.816 FNTCACHE.DAT
05.12.2006 09:42 2.206 wpa.dbl
04.11.2006 11:11 8.891 jupdate-1.5.0_09-b03.log
29.10.2006 09:12 311.740 perfh009.dat
29.10.2006 09:12 40.128 perfc009.dat
29.10.2006 09:12 316.924 perfh007.dat
29.10.2006 09:12 48.354 perfc007.dat
29.10.2006 09:12 723.744 PerfStringBackup.INI
12.10.2006 03:10 127.078 javaws.exe
12.10.2006 03:10 49.265 jpicpl32.cpl
12.10.2006 01:35 53.346 javaw.exe
12.10.2006 01:35 49.248 java.exe
04.10.2006 12:03 9.639.336 MRT.exe
21.08.2006 19:43 176.167 rmoc3260.dll
-------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\DOKUME~1\info\LOKALE~1\Temp

23.12.2006 20:50 1.710 jusched.log
23.12.2006 20:50 0 18$$.Ico
23.12.2006 20:50 766 53$$.Ico
23.12.2006 20:50 0 24$$.Ico
23.12.2006 20:50 0 14$$.Ico
23.12.2006 20:50 0 26$$.Ico
23.12.2006 20:50 0 13$$.Ico
23.12.2006 20:50 766 44$$.Ico
23.12.2006 20:49 766 88$$.Ico

23.12.2006 20:06 12.936 control.xml
23.12.2006 20:04 0 42$$.Ico
23.12.2006 16:55 16.384 Perflib_Perfdata_1ad4.dat
12 Datei(en) 33.328 Bytes
0 Verzeichnis(se), 4.046.086.144 Bytes frei
----------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS

23.12.2006 20:45 0 0.log
23.12.2006 20:45 32.636 SchedLgU.Txt
23.12.2006 20:45 1.628.249 WindowsUpdate.log
23.12.2006 20:45 159 wiadebug.log
23.12.2006 20:45 50 wiaservc.log
23.12.2006 20:39 54.156 QTFont.qfn
23.12.2006 20:07 452.502 setupapi.log
23.12.2006 20:06 62.446 wmsetup.log
23.12.2006 19:15 10.240 Thumbs.db
23.12.2006 19:15 116 NeroDigital.ini
22.12.2006 17:55 184.884 setupact.log
20.12.2006 22:38 1.086 win.ini
20.12.2006 21:49 16 KB611311.log
15.12.2006 22:43 725 aolback.exe.lnk
15.12.2006 22:33 4 msoffice.ini

-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\Temp

23.12.2006 20:02 2.792 MircrGFX.dat
1 Datei(en) 2.792 Bytes
0 Verzeichnis(se), 4.046.086.144 Bytes frei
-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09.11.2006 14:36 5.019 swflash.inf
------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\

23.12.2006 20:53 0 sys.txt
23.12.2006 20:53 186 down.txt
23.12.2006 20:53 277 temp.txt
23.12.2006 20:53 277 tmp.txt
23.12.2006 20:53 6.473 windows.txt
23.12.2006 20:52 9.925 system.txt
23.12.2006 20:52 817 systemtemp.txt
23.12.2006 20:52 922 system32.txt
23.12.2006 20:46 3.282 avenger.txt
23.12.2006 20:45 267.968.512 hiberfil.sys
23.12.2006 20:45 402.653.184 pagefile.sys
23.12.2006 20:30 16.362 test.log
23.12.2006 19:55 1.081 c.txt
23.12.2006 15:09 6.023 delete please.txt
22.12.2006 15:16 22.288 der 2. rest.txt
22.12.2006 14:23 11.662 jmlxkapo.txt
21.12.2006 20:11 21.102 der rest.txt
21.12.2006 19:25 15.006 ComboFix.txt
21.12.2006 18:48 4.161 ComboFix2.txt
03.08.2006 22:01 0 CONFIG.SYS
___________________________________________________________
Win32DHCPsvc

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 23.12.2006 21:04:58 for strings:
; 'win32dhcpsvc'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="sc stop Win32DHCPsvc\\1"
"b"="sc delete Win32DHCPsvc\\1"

; End Of The Log...
----------------------------------------------------------------

WinXPDHCPsvc

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 23.12.2006 21:07:44 for strings:
; 'winxpdhcpsvc'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"e"="sc stop WinXPDHCPsvc\\1"
"f"="sc delete WinXPDHCPsvc\\1"

; End Of The Log...

--------------------------------------------------------------
WinDHCPsvc

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 23.12.2006 21:21:11 for strings:
; 'windhcpsvc'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"c"="sc stop WinDHCPsvc\\1"
"d"="sc delete WinDHCPsvc\\1"

; End Of The Log...
-----------------------------------------------------------
windhcp

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 23.12.2006 21:25:34 for strings:
; 'windhcp'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Dokumente und Einstellungen\\info\\Desktop\\WinDHCPsvc.txt"

[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt]
"f"="C:\\Dokumente und Einstellungen\\info\\Desktop\\WinDHCPsvc.txt"

[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"c"="sc stop WinDHCPsvc\\1"
"d"="sc delete WinDHCPsvc\\1"

; End Of The Log...
------------------------------------------------------
xpdhcp

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 23.12.2006 21:28:35 for strings:
; 'xpdhcp'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"i"="C:\\Dokumente und Einstellungen\\info\\Desktop\\WinXPDHCPsvc.txt"

[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt]
"i"="C:\\Dokumente und Einstellungen\\info\\Desktop\\WinXPDHCPsvc.txt"

[HKEY_USERS\S-1-5-21-1757981266-854245398-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"e"="sc stop WinXPDHCPsvc\\1"
"f"="sc delete WinXPDHCPsvc\\1"

; End Of The Log...
This post was edited on 23.12.2006 at 21:27 by awtss.dll.