Pests of all kinds and their removal: RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys (Windows 7)
13.08.2010, 07:34 | #1
RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys

Good morning, unfortunately I have fallen victim to a rootkit which apparently cannot be removed. Both Avira AntiVir and Malwarebytes report an RKIT/Bubnix.AU in the file C:\Windows\System32\drivers\jzhkpqtl.sys. I have already tried to remove it with AntiVir, without success; the log file then says: Quote:
Malwarebytes tells me: Quote:
After a reboot and a new scan, however, the rootkit is found again in the same file.
13.08.2010, 08:16 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys
Quote:
Above all the one from Malwarebytes! I also need some from OTL: System scan with OTL. Please download OTL from OldTimer and save it to your desktop
13.08.2010, 08:49 | #3
RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys
OTL.txt:
Code:
OTL logfile created on: 13.08.2010 09:30:47 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Seblon\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 42,47 Gb Free Space | 60,98% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 26,69 Gb Free Space | 38,33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SEBLON-LAPTOP
Current User Name: Seblon
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Seblon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gamigo Games\Fiesta Online(EU_German)\Fiesta.bin ()
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Users\Seblon\AppData\Roaming\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Winamp\Elevator.exe () PRC - C:\Programme\Winamp\winamp.exe (Nullsoft) PRC - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project) PRC - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project) ========== Modules (SafeList) ========== MOD - C:\Users\Seblon\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Vsssat) -- File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (wxpSvc) -- C:\Program Files\wLite\wService.exe (Moonware Studios) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- 
C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project) SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project) ========== Driver Services (SafeList) ========== DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) 
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc) DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.) DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.) 
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.) DRV - (SQTECH930B) -- C:\Windows\System32\drivers\Capt930b.sys () DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.youth-fm.de/index.htm IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.youth-fm.de/" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.4 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1 FF - prefs.js..extensions.enabledItems: beta@linkdiagnosis.com:2.2.41 FF - prefs.js..extensions.enabledItems: {E9A4B2C3-9857-4873-BA67-FB4271257B20}:1.3.2 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.8.3 FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0 FF - prefs.js..extensions.enabledItems: 
{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..network.proxy.backup.ftp: "200.63.17.162" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "200.63.17.162" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "200.63.17.162" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "200.63.17.162" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "200.63.17.162" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "200.63.17.162" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "200.63.17.162" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,samsung.router" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "200.63.17.162" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "200.63.17.162" FF - prefs.js..network.proxy.ssl_port: 8080 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.26 10:03:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.22 14:38:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.07.22 14:38:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.22 14:38:35 | 000,000,000 | ---D | M] [2010.06.21 15:36:13 | 000,000,000 | ---D | M] -- 
C:\Users\Seblon\AppData\Roaming\mozilla\Extensions [2010.06.21 15:36:13 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.08.13 04:37:38 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions [2010.05.28 15:36:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.02.25 01:04:10 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2010.02.25 01:04:11 | 000,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53} [2010.02.25 01:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{a880aeee-06f6-48e7-87c5-876fb64a2a56} [2010.02.25 01:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a} [2010.02.25 01:04:12 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d} [2010.06.09 10:04:05 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2010.02.25 01:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{E9A4B2C3-9857-4873-BA67-FB4271257B20} [2010.06.02 10:12:06 | 000,000,000 | ---D | M] -- 
C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\beta@linkdiagnosis.com [2010.02.25 01:04:06 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.03.07 23:42:06 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\en-GB@dictionaries.addons.mozilla.org [2010.05.28 15:36:32 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\firebug@software.joehewitt.com [2010.03.10 10:45:28 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\yslow@yahoo-inc.com [2009.07.16 16:29:14 | 000,001,720 | ---- | M] () -- C:\Users\Seblon\AppData\Roaming\Mozilla\FireFox\Profiles\pa69l60d.default\searchplugins\aol-search.xml [2010.08.09 09:19:37 | 000,000,947 | ---- | M] () -- C:\Users\Seblon\AppData\Roaming\Mozilla\FireFox\Profiles\pa69l60d.default\searchplugins\icqplugin.xml [2009.05.21 10:08:00 | 000,002,167 | ---- | M] () -- C:\Users\Seblon\AppData\Roaming\Mozilla\FireFox\Profiles\pa69l60d.default\searchplugins\oneview.xml [2010.08.13 04:37:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.16 09:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.02 23:47:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.02 23:47:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.02 23:47:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.02 23:47:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.02 23:47:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Alexa) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Programme\Alexa Toolbar\AlxTB2.9.39.dll (Alexa Internet, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Motor_Tracking_Tool] C:\Windows\twain_32\USB2.0 Motor Tracking Camera\MTTool.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnGeL.exe - Verknüpfung.lnk = D:\c\seblon\Desktop\Bot\AnGeL.exe (-) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - 
Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.13 09:28:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Seblon\Desktop\OTL.exe
[2010.08.13 08:19:44 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Users\Seblon\Desktop\Ad-AwareInstall.exe
[2010.08.13 07:01:01 | 000,000,000 | ---D | C] -- C:\Users\Seblon\AppData\Roaming\Malwarebytes
[2010.08.13 07:00:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 07:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 07:00:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 07:00:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.13 06:58:04 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Seblon\Desktop\mbam-setup.exe
[2010.08.10 13:23:15 | 000,000,000 | ---D | C] -- C:\Programme\seRapid
[2010.08.09 20:44:08 | 000,398,848 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\TVWizudlg.exe
[2010.08.09 20:44:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010.08.09 20:39:53 | 000,997,912 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2010.08.09 20:39:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010.08.09 20:38:50 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.08.09 20:38:16 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2010.08.09 20:35:01 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.09 20:35:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.09 20:35:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.09 20:35:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.09 20:34:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.09 20:34:11 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.09 20:34:11 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.09 20:33:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.08.09 20:33:55 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.08.09 20:33:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.08.09 20:33:15 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.08.09 20:33:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.08.09 20:22:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.08.09 20:21:57 | 002,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.08.09 20:21:57 | 002,745,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.08.09 20:21:57 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010.08.09 20:21:57 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010.08.09 20:21:57 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.08.09 20:21:57 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010.08.09 20:21:57 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010.08.09 20:21:57 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010.08.09 20:21:57 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010.08.09 20:21:57 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010.08.09 20:21:57 | 000,052,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2010.08.09 20:21:56 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010.08.09 20:21:56 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010.08.09 20:21:56 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010.08.09 20:21:56 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010.08.09 20:21:56 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010.08.09 20:21:55 | 000,266,240 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010.08.09 20:21:55 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2010.08.09 20:21:55 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2010.08.09 20:21:55 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.08.09 20:21:51 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.08.09 20:21:51 | 000,000,000 | -H-D | C] -- C:\Programme\Temp
[2010.08.09 20:17:47 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2010.08.09 20:17:10 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2010.08.09 20:17:09 | 000,229,040 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys
[2010.08.09 20:17:09 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCtrl.dll
[2010.08.09 20:17:09 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll
[2010.08.09 20:17:09 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPAPI.dll
[2010.08.09 20:17:09 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo4.dll
[2010.08.09 20:11:05 | 000,330,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2010.08.09 20:10:24 | 000,000,000 | ---D | C] -- C:\Programme\Apoint2K
[2010.08.09 20:09:58 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2010.08.09 20:09:58 | 000,203,824 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys
[2010.08.09 20:09:58 | 000,108,606 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll
[2010.08.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2010.08.09 20:08:25 | 000,000,000 | ---D | C] -- C:\Programme\Broadcom
[2010.08.09 20:03:21 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.08.09 20:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2010.08.09 20:02:40 | 000,000,000 | ---D | C] -- C:\Intel
[2010.08.09 20:01:52 | 000,000,000 | ---D | C] -- C:\Programme\Option
[2010.08.09 19:51:43 | 000,604,672 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\netr28.sys
[2010.08.09 19:51:43 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2010.08.09 19:51:43 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010.08.09 19:46:09 | 001,781,760 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2010.08.09 19:46:09 | 000,000,000 | ---D | C] -- C:\Programme\Atheros
[2010.08.09 19:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010.08.09 19:45:37 | 000,000,000 | ---D | C] -- C:\Users\Seblon\AppData\Roaming\InstallShield
[2010.08.09 19:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2010.08.07 14:30:16 | 000,000,000 | ---D | C] -- C:\Users\Seblon\Documents\Fiesta
[2010.07.25 15:59:48 | 000,000,000 | ---D | C] -- C:\Windows\Presets
[2010.07.25 10:59:54 | 000,000,000 | ---D | C] -- C:\Programme\VirtualDJ
[2010.07.25 08:28:20 | 000,000,000 | ---D | C] -- C:\Programme\No23Live
[2010.07.24 21:48:54 | 000,000,000 | ---D | C] -- C:\Programme\edcast
[2010.07.22 14:35:21 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.07.22 14:30:48 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.07.20 13:27:54 | 000,000,000 | ---D | C] -- C:\Users\Seblon\Desktop\youthfm
[2010.07.19 23:41:06 | 000,000,000 | ---D | C] -- C:\Users\Seblon\Desktop\yfm und im
[2010.07.19 20:04:08 | 000,000,000 | ---D | C] -- C:\Users\Seblon\AppData\Roaming\DivX
[2010.07.19 20:03:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.07.19 20:02:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.07.19 19:58:49 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.07.19 19:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.13 09:39:28 | 003,407,872 | -HS- | M] () -- C:\Users\Seblon\NTUSER.DAT
[2010.08.13 09:37:49 | 000,741,376 | ---- | M] () -- C:\Windows\System32\drivers\jzhkpqtl.sys
[2010.08.13 09:28:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Seblon\Desktop\OTL.exe
[2010.08.13 08:28:54 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Users\Seblon\Desktop\Ad-AwareInstall.exe
[2010.08.13 08:12:21 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\amde.sys
[2010.08.13 08:03:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 08:03:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 07:58:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.13 07:58:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.13 07:58:28 | 2359,980,032 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.13 07:57:42 | 001,905,824 | -H-- | M] () -- C:\Users\Seblon\AppData\Local\IconCache.db
[2010.08.13 07:52:47 | 000,013,351 | ---- | M] () -- C:\Users\Seblon\AppData\Roaming\phpdesigner2007pe.xml
[2010.08.13 07:00:47 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 06:58:47 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Seblon\Desktop\mbam-setup.exe
[2010.08.10 13:33:13 | 000,001,094 | ---- | M] () -- C:\Windows\seRapid.INI
[2010.08.10 13:23:15 | 000,000,899 | ---- | M] () -- C:\Users\Seblon\Desktop\InfoRapid Suchen & Ersetzen.lnk
[2010.08.10 13:22:58 | 001,045,824 | ---- | M] () -- C:\Users\Seblon\Desktop\se.exe
[2010.08.09 20:42:59 | 000,319,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.09 20:17:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.08.09 20:10:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01007.Wdf
[2010.08.09 20:08:19 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2010.08.09 19:32:55 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI
[2010.07.30 16:45:46 | 000,029,810 | ---- | M] () -- C:\Users\Seblon\Desktop\einladung-gray.jpg
[2010.07.30 16:43:43 | 000,043,506 | ---- | M] () -- C:\Users\Seblon\Desktop\einladung.jpg
[2010.07.27 15:15:03 | 000,018,065 | ---- | M] () -- C:\Users\Seblon\Desktop\traum.jpg
[2010.07.27 15:12:59 | 000,008,288 | ---- | M] () -- C:\Users\Seblon\Desktop\Herz.gif
[2010.07.27 01:49:33 | 000,035,122 | ---- | M] () -- C:\Users\Seblon\Documents\getränkemarken.odt
[2010.07.27 01:24:56 | 000,003,029 | ---- | M] () -- C:\Users\Seblon\Desktop\marke.jpg
[2010.07.26 12:09:02 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.26 12:09:02 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.26 12:09:02 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.26 12:09:02 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.26 12:09:02 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.25 11:00:34 | 000,000,923 | ---- | M] () -- C:\Users\Seblon\Desktop\Virtual DJ.lnk
[2010.07.25 09:58:42 | 000,002,048 | ---- | M] () -- C:\Users\Seblon\Desktop\SimpleCast.lnk
[2010.07.25 08:28:22 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\No23Live.lnk
[2010.07.24 21:55:02 | 000,000,989 | ---- | M] () -- C:\Users\Seblon\Desktop\edcast.lnk
[2010.07.22 19:33:47 | 000,000,572 | ---- | M] () -- C:\Windows\win.ini
[2010.07.18 16:46:57 | 000,016,896 | ---- | M] () -- C:\Users\Seblon\Documents\flug18-07.doc
[2010.07.18 16:38:35 | 000,069,808 | ---- | M] () -- C:\Users\Seblon\Documents\flug18-07.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.13 08:12:21 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\amde.sys
[2010.08.13 07:00:47 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.10 13:33:07 | 000,001,094 | ---- | C] () -- C:\Windows\seRapid.INI
[2010.08.10 13:23:15 | 000,000,899 | ---- | C] () -- C:\Users\Seblon\Desktop\InfoRapid Suchen & Ersetzen.lnk
[2010.08.10 13:22:50 | 001,045,824 | ---- | C] () -- C:\Users\Seblon\Desktop\se.exe
[2010.08.09 20:44:08 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.08.09 20:44:08 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2010.08.09 20:21:58 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010.08.09 20:21:58 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.08.09 20:21:58 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.08.09 20:21:58 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.08.09 20:21:58 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.08.09 20:21:58 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010.08.09 20:17:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.08.09 20:10:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01007.Wdf
[2010.08.09 20:08:29 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.08.09 19:51:43 | 000,353,812 | ---- | C] () -- C:\Windows\System32\netr28.inf
[2010.08.09 19:51:43 | 000,021,606 | ---- | C] () -- C:\Windows\System32\netr28.cat
[2010.08.09 19:51:43 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010.08.09 19:46:09 | 000,330,449 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2010.08.09 19:46:09 | 000,053,090 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2010.08.09 19:32:55 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2010.08.01 20:43:07 | 000,530,512 | ---- | C] () -- C:\Users\Seblon\Desktop\3jahre.mp3
[2010.07.30 16:45:46 | 000,029,810 | ---- | C] () -- C:\Users\Seblon\Desktop\einladung-gray.jpg
[2010.07.30 16:43:43 | 000,043,506 | ---- | C] () -- C:\Users\Seblon\Desktop\einladung.jpg
[2010.07.27 15:15:03 | 000,018,065 | ---- | C] () -- C:\Users\Seblon\Desktop\traum.jpg
[2010.07.27 15:12:58 | 000,008,288 | ---- | C] () -- C:\Users\Seblon\Desktop\Herz.gif
[2010.07.27 01:49:30 | 000,035,122 | ---- | C] () -- C:\Users\Seblon\Documents\getränkemarken.odt
[2010.07.27 01:24:56 | 000,003,029 | ---- | C] () -- C:\Users\Seblon\Desktop\marke.jpg
[2010.07.25 11:00:34 | 000,000,923 | ---- | C] () -- C:\Users\Seblon\Desktop\Virtual DJ.lnk
[2010.07.25 09:58:42 | 000,002,048 | ---- | C] () -- C:\Users\Seblon\Desktop\SimpleCast.lnk
[2010.07.25 08:28:22 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\No23Live.lnk
[2010.07.24 21:55:02 | 000,000,989 | ---- | C] () -- C:\Users\Seblon\Desktop\edcast.lnk
[2010.07.18 16:38:33 | 000,069,808 | ---- | C] () -- C:\Users\Seblon\Documents\flug18-07.pdf
[2010.05.18 10:22:15 | 000,741,376 | ---- | C] () -- C:\Windows\System32\drivers\jzhkpqtl.sys
[2010.04.22 18:53:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.04.22 18:51:55 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.22 18:51:32 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.17 13:00:17 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.04.06 15:47:21 | 000,015,363 | ---- | C] () -- C:\Windows\930TwCfg.INI
[2010.04.06 15:47:18 | 000,376,374 | ---- | C] () -- C:\Windows\System32\drivers\Capt930b.sys
[2010.04.06 15:47:18 | 000,025,728 | ---- | C] () -- C:\Windows\System32\drivers\Camd930b.sys
[2010.03.23 16:46:20 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.25 02:00:06 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2004.02.24 17:09:30 | 000,045,568 | ---- | C] () -- C:\Windows\System32\xWSock32.dll
[2003.10.10 16:12:58 | 000,141,824 | ---- | C] () -- C:\Windows\System32\xmenu2.dll
[2002.08.09 11:10:04 | 000,017,408 | ---- | C] () -- C:\Windows\System32\xNSLookup.dll

< End of report >

OTL Extras logfile created on: 13.08.2010 09:30:47 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Seblon\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 42,47 Gb Free Space | 60,98% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 26,69 Gb Free Space | 38,33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEBLON-LAPTOP
Current User Name: Seblon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32EF7022-B623-4B6A-B41D-400558207243}_is1" = Company Logo Designer 2.xx
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1482E0-7119-4A66-BBF1-FFD95A6BA16C}" = No23Live
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = Driver Installer
"{892772D7-1A4D-45A8-86E3-1D6CE9543659}" = CadiaFakturaFreeware
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527450C-64B3-11D5-9B31-000021116B62}" = SmartCamera Ver 2.1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{D0AF1483-31AD-4FEB-A961-C9327185439F}" = USB2.0 Motor Tracking Camera
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFA72D36-5C42-4379-A294-9EC88A56D27B}" = Driver Installer
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E11448F2-0B44-4239-B04E-D88FE743E929}" = Officejet J4500 Series
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFE356A6-91C3-450F-A469-504ACA655A7A}_is1" = PADGen 3.1.0.41
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8584160-CC6E-11d5-954F-5254AB1A4DB7}" = Pluto Client
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE773CD-9201-4655-87F3-4E051860D47D}" = Ralink Wireless LAN v3.0.2.0 Installation Program for Windows7
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alexa Toolbar" = Alexa Toolbar
"AMIP" = AMIP (remove only)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CamStudio" = CamStudio
"Casino.com" = Casino.com
"ColorPic" = ColorPic
"Daolnwod Software Submitter_is1" = Daolnwod Software Submitter 1.5
"Der VerkehrsGigant-Gold Edition" = Der VerkehrsGigant-Gold Edition
"DivX Setup.divx.com" = DivX-Setup
"DriverAgent.exe" = DriverAgent by eSupport.com
"FBDBServer_1_5_is1" = Firebird 1.5.2.4731
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.02.093
"FileZilla Client" = FileZilla Client 3.3.2.1
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"HD Tune_is1" = HD Tune 2.55
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"InfoRapid Suchen & Ersetzen" = InfoRapid Suchen & Ersetzen
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"PaRaMeter_is1" = PaRaMeter 1.3
"PHP Designer 2007 - Personal_is1" = PHP Designer 2007 - Personal - version 5.0.2
"SAM3" = SAM Broadcaster (remove only)
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SimpleCast" = SimpleCast (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"Tunnelier" = Bitvise Tunnelier 4.29 (remove only)
"TVWiz" = Intel(R) TV Wizard
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"wLite" = webcamXP Lite
"Wormux" = Wormux

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Imagicon" = Imagicon

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.07.2010 15:29:10 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: skypePM.exe, Version: 3.0.0.5, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: ezPMUtils.dll, Version: 3.0.0.91, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b49f7 ID des fehlerhaften Prozesses: 0x22b4 Startzeit der fehlerhaften Anwendung: 0x01cb27545af89d55 Pfad der fehlerhaften Anwendung: C:\Program Files\Skype\Plugin Manager\skypePM.exe Pfad des fehlerhaften Moduls: C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll Berichtskennung: e76fc2a1-936b-11df-91f5-0015831212e7

Error - 22.07.2010 08:37:25 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Internet Explorer" konnte nicht heruntergefahren werden.

Error - 24.07.2010 15:30:34 | Computer Name = Seblon-Laptop | Source = sc_serv2 | ID = 1
Description =

Error - 24.07.2010 15:30:34 | Computer Name = Seblon-Laptop | Source = sc_serv2 | ID = 1
Description =

Error - 25.07.2010 04:41:21 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_shell32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c283b ID des fehlerhaften Prozesses: 0x32c0 Startzeit der fehlerhaften Anwendung: 0x01cb2bd51df044f2 Pfad der fehlerhaften Anwendung: C:\Windows\System32\rundll32.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 65ce9491-97c8-11df-91f5-0015831212e7

Error - 25.07.2010 04:41:26 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c283b ID des fehlerhaften Prozesses: 0xd10 Startzeit der fehlerhaften Anwendung: 0x01cb1daeece5f60f Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 692e46f7-97c8-11df-91f5-0015831212e7

Error - 25.07.2010 04:52:06 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_Shell32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c283b ID des fehlerhaften Prozesses: 0x3a70 Startzeit der fehlerhaften Anwendung: 0x01cb2bd699e0703f Pfad der fehlerhaften Anwendung: C:\Windows\system32\rundll32.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: e61a8935-97c9-11df-91f5-0015831212e7

Error - 31.07.2010 07:28:58 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SAMBC.exe, Version: 1.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdaae Ausnahmecode: 0x0eedfade Fehleroffset: 0x00009617 ID des fehlerhaften Prozesses: 0xcfc Startzeit der fehlerhaften Anwendung: 0x01cb2ff6c5c16de1 Pfad der fehlerhaften Anwendung: C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: cefe4374-9c96-11df-a799-0015831212e7

Error - 05.08.2010 19:04:02 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.1.10, Zeitstempel: 0x4c06fc6d Name des fehlerhaften Moduls: MSVCP80.dll, Version: 8.0.50727.4927, Zeitstempel: 0x4a275370 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000100b5 ID des fehlerhaften Prozesses: 0x70c Startzeit der fehlerhaften Anwendung: 0x01cb2e577477a457 Pfad der fehlerhaften Anwendung: C:\Program Files\DivX\DivX Update\DivXUpdate.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll Berichtskennung: bccc024c-a0e5-11df-a799-0015831212e7

Error - 09.08.2010 13:36:05 | Computer Name = Seblon-Laptop | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706be fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB979482)

Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB979559)

Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software - Juli 2010 (KB890830)

Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB978542)

Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB980408)

Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Kumulatives Sicherheitsupdate für ActiveX Killbits für Windows 7 (KB980195)

Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.87.1528.0)

Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Microsoft .NET Framework 3.5 SP1-Update für Windows 7 x86 (KB982526)

Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB978601)

Error - 09.08.2010 14:43:20 | Computer Name = Seblon-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM

< End of report >
13.08.2010, 09:55 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys What about Malwarebytes?
__________________ Please always post logfiles in CODE tags |
13.08.2010, 11:09 | #5 |
| RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys Oh, sorry, here is Malwarebytes: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4423

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.08.2010 07:57:15
mbam-log-2010-08-13 (07-57-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160146
Laufzeit: 26 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\jzhkpqtl.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
|
13.08.2010, 12:38 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys Please run a full scan with current signatures! Also post all other Malwarebytes logs, if there are any.
__________________ --> RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys |
14.08.2010, 12:05 | #7 |
| RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys So, I let Malwarebytes run overnight: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4427

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.08.2010 13:00:20
mbam-log-2010-08-14 (13-00-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 425186
Laufzeit: 5 Stunde(n), 29 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Casino\William Hill CASINO CLUB\_SetupCasino_42ea18_de.exe (Adware.Casino) -> Not selected for removal.
C:\Users\Seblon\Desktop\yfm und im\brutus\BrutusA2.exe (HackTool.Brutus) -> Not selected for removal.
C:\Windows\System32\drivers\jzhkpqtl.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\c\seblon\Desktop\brutus-aet2\BrutusA2.exe (HackTool.Brutus) -> Not selected for removal.
|
14.08.2010, 17:26 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
SRV - (Vsssat) -- File not found
FF - prefs.js..network.proxy.backup.ftp: "200.63.17.162"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "200.63.17.162"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "200.63.17.162"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "200.63.17.162"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "200.63.17.162"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "200.63.17.162"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "200.63.17.162"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,samsung.router"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "200.63.17.162"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "200.63.17.162"
FF - prefs.js..network.proxy.ssl_port: 8080
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O33 - MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
[2010.08.13 09:37:49 | 000,741,376 | ---- | M] () -- C:\Windows\System32\drivers\jzhkpqtl.sys
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
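The OTL fix above removes Firefox proxy settings that the infection had pointed at 200.63.17.162:8080. As an added example (not part of this thread, of OTL or of ComboFix), the following Python script parses a Firefox prefs.js, or the "FF - prefs.js..key: value" lines of an OTL report, and flags every network.proxy.* host that is not loopback; the sample prefs.js is constructed from the values in the report above.

```python
"""Flag Firefox proxy settings that route browser traffic through an unexpected host.

Added example (not part of this thread, OTL or ComboFix). It understands both the
native prefs.js form, user_pref("key", value);, and the "FF - prefs.js..key: value"
form used in OTL reports, and reports every network.proxy.* host that is neither
empty nor loopback, together with its port.
"""
import ipaddress
import re
from typing import Dict, List, Tuple, Union

Value = Union[str, int, bool]

# prefs.js form:   user_pref("network.proxy.http", "200.63.17.162");
PREFS_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
# OTL report form: FF - prefs.js..network.proxy.http: "200.63.17.162"
OTL_RE = re.compile(r'^\s*FF - prefs\.js\.\.([^:\s]+):\s*(.+?)\s*$')

# Proxy schemes Firefox stores under network.proxy.<scheme> / <scheme>_port.
PROXY_SCHEMES = ("http", "ssl", "ftp", "socks", "gopher")
# Firefox keeps a copy of the last manual proxy under network.proxy.backup.*;
# the OTL report above showed the hijacked host in both sets, so check both.
PREFIXES = ("network.proxy.", "network.proxy.backup.")
LOOPBACK_NAMES = {"", "localhost"}

# Constructed sample prefs.js, mirroring the entries listed in the OTL report above.
SAMPLE_PREFS_JS = """\
user_pref("network.proxy.http", "200.63.17.162");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "200.63.17.162");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.backup.socks", "200.63.17.162");
user_pref("network.proxy.backup.socks_port", 8080);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1,samsung.router");
user_pref("network.proxy.share_proxy_settings", true);
"""


def _parse_value(raw: str) -> Value:
    """Convert a prefs.js literal (quoted string, true/false or integer)."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    if raw == "true":
        return True
    if raw == "false":
        return False
    return int(raw)  # raises ValueError for anything else


def parse_prefs(text: str) -> Dict[str, Value]:
    """Collect key -> value from prefs.js or OTL 'FF - prefs.js..' lines."""
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        match = PREFS_RE.match(line) or OTL_RE.match(line)
        if not match:
            continue
        key, raw = match.group(1), match.group(2)
        try:
            prefs[key] = _parse_value(raw)
        except ValueError:
            continue  # unknown literal form: skip rather than guess
    return prefs


def is_local_host(host: str) -> bool:
    """True for an empty host, 'localhost' or a loopback IP address."""
    host = host.strip().lower()
    if host in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_proxy_hijacks(prefs: Dict[str, Value]) -> List[Tuple[str, str, int]]:
    """Return (pref_key, host, port) for each proxy host that is not local."""
    findings: List[Tuple[str, str, int]] = []
    for prefix in PREFIXES:
        for scheme in PROXY_SCHEMES:
            key = prefix + scheme
            host = prefs.get(key)
            if not isinstance(host, str) or is_local_host(host):
                continue
            port = prefs.get(key + "_port", 0)
            findings.append((key, host, int(port) if isinstance(port, int) else 0))
    return findings


if __name__ == "__main__":
    for key, host, port in find_proxy_hijacks(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{key} -> {host}:{port}")
```

A non-local proxy in these keys means every HTTP and HTTPS request of the browser is relayed through that host, which is why the helper's fix removes both the live and the backup entries.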
14.08.2010, 19:26 | #9 |
| RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys I ran it as described. The PC did indeed have to be restarted. After the restart the following log opened: Code:
All processes killed
========== OTL ==========
Service Vsssat stopped successfully!
Service Vsssat deleted successfully!
File File not found not found.
Prefs.js: "200.63.17.162" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "200.63.17.162" removed from network.proxy.backup.gopher
Prefs.js: 8080 removed from network.proxy.backup.gopher_port
Prefs.js: "200.63.17.162" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "200.63.17.162" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "200.63.17.162" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "200.63.17.162" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "200.63.17.162" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1,samsung.router" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "200.63.17.162" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "200.63.17.162" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a25250c4-6351-11df-9d3a-0015831212e7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a25250c4-6351-11df-9d3a-0015831212e7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a25250cf-6351-11df-9d3a-0015831212e7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a25250cf-6351-11df-9d3a-0015831212e7}\ not found.
File G:\AutoRun.exe not found.
File C:\Windows\System32\drivers\jzhkpqtl.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Seblon
->Temp folder emptied: 611281266 bytes
->Temporary Internet Files folder emptied: 52091610 bytes
->Java cache emptied: 22496260 bytes
->FireFox cache emptied: 20786646 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 30161624 bytes
->Flash cache emptied: 2628547 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9252188 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 714,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08142010_201024

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
14.08.2010, 23:42 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
15.08.2010, 00:33 | #11 |
| RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys Code:
ATTFilter ComboFix 10-08-14.02 - Seblon 15.08.2010 1:19.1.1 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3001.2166 [GMT 2:00] ausgeführt von:: c:\users\Seblon\Desktop\cofi.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\alexa toolbar c:\program files\alexa toolbar\AlxTB2.9.39.dll c:\program files\alexa toolbar\Uninstall9.exe c:\windows\system32\win.ini . ((((((((((((((((((((((( Dateien erstellt von 2010-07-14 bis 2010-08-14 )))))))))))))))))))))))))))))) . 2010-08-14 23:26 . 2010-08-14 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-14 23:08 . 2010-08-14 23:09 -------- d-----w- c:\program files\CCleaner 2010-08-14 18:10 . 2010-08-14 18:10 -------- d-----w- C:\_OTL 2010-08-13 05:01 . 2010-08-13 05:01 -------- d-----w- c:\users\Seblon\AppData\Roaming\Malwarebytes 2010-08-13 05:00 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-13 05:00 . 2010-08-13 05:00 -------- d-----w- c:\programdata\Malwarebytes 2010-08-13 05:00 . 2010-08-13 05:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-13 05:00 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-10 11:23 . 2010-08-10 11:23 -------- d-----w- c:\program files\seRapid 2010-08-09 18:44 . 2009-06-03 08:26 398848 ----a-w- c:\windows\system32\TVWizudlg.exe 2010-08-09 18:44 . 2009-06-03 08:26 140288 ----a-w- c:\windows\system32\igfxtvcx.dll 2010-08-09 18:44 . 2010-08-09 18:44 -------- d-----w- c:\windows\system32\Lang 2010-08-09 18:39 . 2010-08-09 18:39 -------- d-----w- c:\windows\system32\x64 2010-08-09 18:39 . 2009-06-03 16:19 997912 ----a-w- c:\windows\system32\igxpun.exe 2010-08-09 18:38 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-08-09 18:38 . 2010-08-09 18:38 -------- d-----w- c:\program files\MSXML 4.0 2010-08-09 18:35 . 
2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll 2010-08-09 18:34 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-09 18:34 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-09 18:33 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll 2010-08-09 18:33 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll 2010-08-09 18:33 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-08-09 18:33 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-08-09 18:33 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-08-09 18:33 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-08-09 18:33 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll 2010-08-09 18:33 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-08-09 18:33 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-08-09 18:22 . 2010-08-09 18:22 -------- d-----w- c:\windows\system32\RTCOM 2010-08-09 18:17 . 2010-08-09 18:17 -------- d-----w- c:\program files\Synaptics 2010-08-09 18:17 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2010-08-09 18:17 . 2009-09-17 18:12 229040 ----a-w- c:\windows\system32\drivers\SynTP.sys 2010-08-09 18:17 . 2009-09-17 18:11 161064 ----a-w- c:\windows\system32\SynTPAPI.dll 2010-08-09 18:17 . 2009-09-17 18:11 120104 ----a-w- c:\windows\system32\SynTPCo4.dll 2010-08-09 18:17 . 2009-09-17 18:11 206120 ----a-w- c:\windows\system32\SynCtrl.dll 2010-08-09 18:17 . 2009-09-17 18:11 169256 ----a-w- c:\windows\system32\SynCOM.dll 2010-08-09 18:11 . 2009-06-04 16:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys 2010-08-09 18:10 . 2010-08-09 18:10 -------- d-----w- c:\program files\Apoint2K 2010-08-09 18:09 . 2009-05-24 17:50 203824 ----a-w- c:\windows\system32\drivers\Apfiltr.sys 2010-08-09 18:09 . 
2009-05-08 12:47 108606 ----a-w- c:\windows\system32\Vxdif.dll 2010-08-09 18:09 . 2008-03-27 14:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2010-08-09 18:09 . 2010-08-09 18:09 -------- d-----w- c:\program files\Cisco 2010-08-09 18:08 . 2010-08-09 18:08 6656 ----a-w- c:\windows\system32\bcmwlrc.dll 2010-08-09 18:08 . 2010-08-09 18:08 -------- d-----w- c:\program files\Broadcom 2010-08-09 18:03 . 2010-08-09 18:44 -------- d-----w- c:\program files\Intel 2010-08-09 18:03 . 2009-08-26 13:04 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-08-09 18:02 . 2010-08-09 18:02 -------- d-----w- C:\Intel 2010-08-09 18:01 . 2010-08-09 18:01 -------- d-----w- c:\program files\Option 2010-08-09 17:51 . 2010-08-09 17:51 -------- d-----w- c:\windows\Options 2010-08-09 17:51 . 2009-06-19 13:57 604672 ----a-w- c:\windows\system32\netr28.sys 2010-08-09 17:51 . 2009-06-18 18:07 221184 ----a-w- c:\windows\system32\RaCoInst.dll 2010-08-09 17:51 . 2009-06-18 18:07 13931 ----a-w- c:\windows\system32\RaCoInst.dat 2010-08-09 17:46 . 2010-08-09 17:46 -------- d-----w- c:\program files\Atheros 2010-08-09 17:46 . 2010-02-12 21:48 1781760 ----a-w- c:\windows\system32\athr.sys 2010-08-09 17:45 . 2010-08-09 17:45 -------- d-----w- c:\programdata\Atheros 2010-08-09 17:45 . 2010-08-09 17:45 -------- d-----w- c:\users\Seblon\AppData\Roaming\InstallShield 2010-08-09 17:35 . 2010-08-09 17:35 -------- d-----w- c:\programdata\Ralink 2010-07-25 13:59 . 2010-07-25 13:59 -------- d-----w- c:\windows\Presets 2010-07-25 08:59 . 2010-07-25 09:00 -------- d-----w- c:\program files\VirtualDJ 2010-07-25 06:28 . 2010-07-25 06:31 -------- d-----w- c:\program files\No23Live 2010-07-24 19:48 . 2010-07-24 20:04 -------- d-----w- c:\program files\edcast 2010-07-22 12:35 . 2010-07-22 12:35 -------- d-----w- c:\program files\Apple Software Update 2010-07-22 12:30 . 2010-07-22 12:38 -------- d-----w- c:\program files\QuickTime 2010-07-19 18:05 . 
2010-07-19 18:05 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-19 18:05 . 2010-07-19 17:58 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-07-19 18:05 . 2010-07-19 17:58 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-07-19 18:04 . 2010-07-19 18:04 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-19 18:04 . 2010-07-19 18:04 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-07-19 18:04 . 2010-07-19 18:04 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-07-19 18:04 . 2010-07-19 18:04 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-07-19 18:04 . 2010-07-29 16:20 -------- d-----w- c:\users\Seblon\AppData\Roaming\DivX 2010-07-19 18:02 . 2010-07-19 18:02 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe 2010-07-19 18:02 . 2010-07-19 18:02 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-07-19 18:02 . 2010-07-19 18:02 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe 2010-07-19 17:58 . 2010-07-19 18:04 -------- d-----w- c:\program files\DivX 2010-07-19 17:58 . 2010-07-19 18:04 -------- d-----w- c:\programdata\DivX . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-14 23:16 . 2010-02-24 23:26 -------- d-----w- c:\users\Seblon\AppData\Roaming\Skype 2010-08-14 23:02 . 2010-02-25 10:51 -------- d-----w- c:\users\Seblon\AppData\Roaming\ICQ 2010-08-14 22:07 . 2010-02-24 23:27 -------- d-----w- c:\users\Seblon\AppData\Roaming\skypePM 2010-08-13 13:34 . 2010-02-24 23:50 -------- d-----w- c:\users\Seblon\AppData\Roaming\Winamp 2010-08-12 19:52 . 2010-07-11 07:34 -------- d-----w- c:\program files\ICQ7.2 2010-08-11 13:45 . 2010-02-24 23:15 -------- d-----w- c:\users\Seblon\AppData\Roaming\FileZilla 2010-08-09 18:38 . 2010-04-28 13:33 -------- d-----w- c:\program files\Movie Maker 2.6 2010-08-09 18:22 . 
2010-08-09 18:21 -------- d--h--w- c:\program files\Temp 2010-08-09 18:21 . 2010-08-09 18:21 -------- d-----w- c:\program files\Realtek 2010-08-09 18:21 . 2010-02-24 23:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-09 18:17 . 2010-08-09 18:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf 2010-08-09 18:10 . 2010-08-09 18:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01007.Wdf 2010-08-02 14:39 . 2010-03-08 12:40 -------- d-----w- c:\program files\Messenger Plus! Live 2010-08-02 06:19 . 2010-02-26 16:11 1 ----a-w- c:\users\Seblon\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-07-26 10:09 . 2009-07-14 08:47 643866 ----a-w- c:\windows\system32\perfh007.dat 2010-07-26 10:09 . 2009-07-14 08:47 126394 ----a-w- c:\windows\system32\perfc007.dat 2010-07-25 07:58 . 2010-02-24 23:57 -------- d-----w- c:\program files\SpacialAudio 2010-07-24 19:34 . 2010-02-24 23:50 -------- d-----w- c:\program files\Winamp 2010-07-19 18:04 . 2010-02-24 23:01 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-07-19 16:20 . 2010-06-17 13:52 1585608 ----a-w- c:\programdata\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe 2010-07-07 14:11 . 2010-06-21 13:33 -------- d-----w- c:\program files\LimeWire 2010-07-02 11:47 . 2010-07-02 11:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-07-02 11:47 . 2010-07-02 07:02 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-07-02 11:46 . 2010-07-02 11:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-07-02 11:45 . 2010-04-28 12:34 -------- d-----w- c:\program files\Lavasoft 2010-07-02 11:45 . 2010-07-02 11:45 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-07-01 16:35 . 2010-02-24 23:52 -------- d-----w- c:\program files\TeamSpeak 3 Client 2010-06-27 11:58 . 2010-06-27 11:58 -------- d-----w- c:\program files\Gamigo Games 2010-06-27 10:53 . 
2010-06-27 10:53 -------- d-----w- c:\programdata\PMB Files 2010-06-27 10:52 . 2010-06-27 10:52 -------- d-----w- c:\program files\Pando Networks 2010-06-24 18:03 . 2010-05-07 19:10 -------- d-----w- c:\programdata\Zylom 2010-06-21 13:32 . 2010-06-21 13:02 -------- d-----w- c:\program files\Filetopia3 2010-06-17 14:17 . 2010-06-17 14:17 1662976 ----a-w- c:\programdata\Skype\Plugins\Plugins\5F4F26549C094CDEA4BA0531F053A953\LoveChat.dll 2010-06-17 14:10 . 2010-06-17 14:10 53760 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll 2010-06-17 14:10 . 2010-06-17 14:10 868352 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe 2010-06-17 14:10 . 2010-06-17 14:10 640000 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll 2010-06-17 14:10 . 2010-06-17 14:10 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll 2010-06-17 14:06 . 2010-06-17 14:06 1856000 ----a-w- c:\programdata\Skype\Plugins\Plugins\C764B54920584E4DB6ED22C76181C663\Skype_ICQ.dll 2010-06-17 13:50 . 2010-06-17 13:50 444416 ----a-w- c:\programdata\Skype\Plugins\Plugins\CED7EA9B9D5D4C368001CEC627017007\setup.exe 2010-06-17 13:50 . 2010-06-17 13:50 29184 ----a-w- c:\programdata\Skype\Plugins\Plugins\CED7EA9B9D5D4C368001CEC627017007\WBMLauncher.exe 2010-06-16 14:09 . 2010-06-16 10:29 -------- d-----w- c:\programdata\webcamXP 5 2010-06-16 10:30 . 2010-06-16 10:29 -------- d-----w- c:\program files\wLite 2010-06-08 15:41 . 2010-04-21 18:07 115584 ----a-w- c:\programdata\WebEx\WebEx\926\atasnt40.dll 2010-06-02 08:28 . 2010-06-09 08:04 865792 ----a-w- c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll 2010-05-18 08:21 . 2010-05-18 08:21 16 ----a-w- c:\users\Seblon\AppData\Roaming\qvjsge.dat 2009-06-10 21:26 . 
2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-06-23 110592] "ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-09 133432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Motor_Tracking_Tool"="c:\windows\Twain_32\USB2.0 Motor Tracking Camera\MTTool.exe" [2006-08-22 602168] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-05-23 253952] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-21 217088] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-17 1565992] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-03 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-03 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-03 143872] c:\users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ 
AnGeL.exe - Verknpfung.lnk - d:\c\seblon\Desktop\Bot\AnGeL.exe [2010-2-24 507904] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-25 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Seblon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner] 2010-07-23 14:49 1755960 ----a-w- c:\program files\CCleaner\CCleaner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 15:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STICAP] 2005-07-07 15:27 151552 ----a-w- c:\windows\twain_32\USB2.0 Motor Tracking Camera\SnapTrap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-02 1352832] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-05-06 23456] R3 SQTECH930B;USB 2.0 Motor Tracking Camera;c:\windows\system32\Drivers\Capt930b.sys [2006-09-07 376374] R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720] R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328] R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-02 64288] S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 108289] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 65536] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 1527893] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - BMLoad *Deregistered* - jzhkpqtl [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . 
Inhalt des "geplante Tasks" Ordners 2010-08-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:46] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.youth-fm.de/index.htm IE: Google AdSense Preview-Tool - hxxp://pagead2.googlesyndication.com/pagead/preview/de/preview.html IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.youth-fm.de/ FF - component: c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll FF - component: c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Seblon\AppData\Roaming\Mozilla\plugins\npatgpc.dll ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - true FF - user.js: browser.sessionstore.resume_from_crash - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program 
files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files\Alexa Toolbar\AlxTB2.9.39.dll [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wxpSvc] "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jzhkpqtl] . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2010-08-15 01:28:55 ComboFix-quarantined-files.txt 2010-08-14 23:28 Vor Suchlauf: 24 Verzeichnis(se), 45.653.233.664 Bytes frei Nach Suchlauf: 29 Verzeichnis(se), 45.325.848.576 Bytes frei - - End Of File - - 6A899FA733EF4A75E4D4E45FBB0BA51E |
15.08.2010, 18:20 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys Combofix - scripting 1. Start Notepad (Start / Run / notepad[Enter]) 2. Now copy/paste the entire contents of the code box below into the Notepad window. Code:
File::
c:\users\Seblon\AppData\Roaming\qvjsge.dat
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jzhkpqtl]
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!) 5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix. 6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
15.08.2010, 18:44 | #13 |
| RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys Done: Code:
ATTFilter ComboFix 10-08-14.06 - Seblon 15.08.2010 19:28:11.2.1 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3001.2095 [GMT 2:00] ausgeführt von:: c:\users\Seblon\Desktop\cofi.exe Benutzte Befehlsschalter :: c:\users\Seblon\Desktop\CFScript.txt FILE :: "c:\users\Seblon\AppData\Roaming\qvjsge.dat" . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Seblon\AppData\Roaming\qvjsge.dat c:\windows\system32\drivers\dvdmlgs.sys . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_lovcpfkd ((((((((((((((((((((((( Dateien erstellt von 2010-07-15 bis 2010-08-15 )))))))))))))))))))))))))))))) . 2010-08-15 17:35 . 2010-08-15 17:35 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-08-14 23:17 . 2010-08-14 23:29 -------- d-----w- C:\cofi 2010-08-14 23:08 . 2010-08-14 23:09 -------- d-----w- c:\program files\CCleaner 2010-08-14 18:10 . 2010-08-14 18:10 -------- d-----w- C:\_OTL 2010-08-13 05:01 . 2010-08-13 05:01 -------- d-----w- c:\users\Seblon\AppData\Roaming\Malwarebytes 2010-08-13 05:00 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-13 05:00 . 2010-08-13 05:00 -------- d-----w- c:\programdata\Malwarebytes 2010-08-13 05:00 . 2010-08-13 05:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-13 05:00 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-10 11:23 . 2010-08-10 11:23 -------- d-----w- c:\program files\seRapid 2010-08-09 18:44 . 2009-06-03 08:26 398848 ----a-w- c:\windows\system32\TVWizudlg.exe 2010-08-09 18:44 . 2009-06-03 08:26 140288 ----a-w- c:\windows\system32\igfxtvcx.dll 2010-08-09 18:44 . 2010-08-09 18:44 -------- d-----w- c:\windows\system32\Lang 2010-08-09 18:39 . 2010-08-09 18:39 -------- d-----w- c:\windows\system32\x64 2010-08-09 18:39 . 
2009-06-03 16:19 997912 ----a-w- c:\windows\system32\igxpun.exe 2010-08-09 18:38 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-08-09 18:38 . 2010-08-09 18:38 -------- d-----w- c:\program files\MSXML 4.0 2010-08-09 18:35 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll 2010-08-09 18:34 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-09 18:34 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-09 18:33 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll 2010-08-09 18:33 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll 2010-08-09 18:33 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-08-09 18:33 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-08-09 18:33 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-08-09 18:33 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-08-09 18:33 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll 2010-08-09 18:33 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-08-09 18:33 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-08-09 18:22 . 2010-08-09 18:22 -------- d-----w- c:\windows\system32\RTCOM 2010-08-09 18:17 . 2010-08-09 18:17 -------- d-----w- c:\program files\Synaptics 2010-08-09 18:17 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2010-08-09 18:17 . 2009-09-17 18:12 229040 ----a-w- c:\windows\system32\drivers\SynTP.sys 2010-08-09 18:17 . 2009-09-17 18:11 161064 ----a-w- c:\windows\system32\SynTPAPI.dll 2010-08-09 18:17 . 2009-09-17 18:11 120104 ----a-w- c:\windows\system32\SynTPCo4.dll 2010-08-09 18:17 . 2009-09-17 18:11 206120 ----a-w- c:\windows\system32\SynCtrl.dll 2010-08-09 18:17 . 2009-09-17 18:11 169256 ----a-w- c:\windows\system32\SynCOM.dll 2010-08-09 18:11 . 
2009-06-04 16:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys 2010-08-09 18:10 . 2010-08-09 18:10 -------- d-----w- c:\program files\Apoint2K 2010-08-09 18:09 . 2009-05-24 17:50 203824 ----a-w- c:\windows\system32\drivers\Apfiltr.sys 2010-08-09 18:09 . 2009-05-08 12:47 108606 ----a-w- c:\windows\system32\Vxdif.dll 2010-08-09 18:09 . 2008-03-27 14:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2010-08-09 18:09 . 2010-08-09 18:09 -------- d-----w- c:\program files\Cisco 2010-08-09 18:08 . 2010-08-09 18:08 6656 ----a-w- c:\windows\system32\bcmwlrc.dll 2010-08-09 18:08 . 2010-08-09 18:08 -------- d-----w- c:\program files\Broadcom 2010-08-09 18:03 . 2010-08-09 18:44 -------- d-----w- c:\program files\Intel 2010-08-09 18:03 . 2009-08-26 13:04 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-08-09 18:02 . 2010-08-09 18:02 -------- d-----w- C:\Intel 2010-08-09 18:01 . 2010-08-09 18:01 -------- d-----w- c:\program files\Option 2010-08-09 17:51 . 2010-08-09 17:51 -------- d-----w- c:\windows\Options 2010-08-09 17:51 . 2009-06-19 13:57 604672 ----a-w- c:\windows\system32\netr28.sys 2010-08-09 17:51 . 2009-06-18 18:07 221184 ----a-w- c:\windows\system32\RaCoInst.dll 2010-08-09 17:51 . 2009-06-18 18:07 13931 ----a-w- c:\windows\system32\RaCoInst.dat 2010-08-09 17:46 . 2010-08-09 17:46 -------- d-----w- c:\program files\Atheros 2010-08-09 17:46 . 2010-02-12 21:48 1781760 ----a-w- c:\windows\system32\athr.sys 2010-08-09 17:45 . 2010-08-09 17:45 -------- d-----w- c:\programdata\Atheros 2010-08-09 17:45 . 2010-08-09 17:45 -------- d-----w- c:\users\Seblon\AppData\Roaming\InstallShield 2010-08-09 17:35 . 2010-08-09 17:35 -------- d-----w- c:\programdata\Ralink 2010-07-25 13:59 . 2010-07-25 13:59 -------- d-----w- c:\windows\Presets 2010-07-25 08:59 . 2010-07-25 09:00 -------- d-----w- c:\program files\VirtualDJ 2010-07-25 06:28 . 2010-07-25 06:31 -------- d-----w- c:\program files\No23Live 2010-07-24 19:48 . 
2010-07-24 20:04 -------- d-----w- c:\program files\edcast 2010-07-22 12:35 . 2010-07-22 12:35 -------- d-----w- c:\program files\Apple Software Update 2010-07-22 12:30 . 2010-07-22 12:38 -------- d-----w- c:\program files\QuickTime 2010-07-19 18:05 . 2010-07-19 18:05 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-19 18:05 . 2010-07-19 17:58 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-07-19 18:05 . 2010-07-19 17:58 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-07-19 18:04 . 2010-07-19 18:04 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-19 18:04 . 2010-07-19 18:04 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-07-19 18:04 . 2010-07-19 18:04 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-07-19 18:04 . 2010-07-19 18:04 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-07-19 18:04 . 2010-07-29 16:20 -------- d-----w- c:\users\Seblon\AppData\Roaming\DivX 2010-07-19 18:02 . 2010-07-19 18:02 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe 2010-07-19 18:02 . 2010-07-19 18:02 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-07-19 18:02 . 2010-07-19 18:02 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe 2010-07-19 17:58 . 2010-07-19 18:04 -------- d-----w- c:\program files\DivX 2010-07-19 17:58 . 2010-07-19 18:04 -------- d-----w- c:\programdata\DivX . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-15 17:24 . 2010-02-24 23:26 -------- d-----w- c:\users\Seblon\AppData\Roaming\Skype 2010-08-15 17:22 . 2010-02-25 10:51 -------- d-----w- c:\users\Seblon\AppData\Roaming\ICQ 2010-08-15 14:04 . 2010-02-24 23:27 -------- d-----w- c:\users\Seblon\AppData\Roaming\skypePM 2010-08-15 09:26 . 2010-08-15 09:26 128 ----a-w- c:\windows\Fonts\unkjbm 2010-08-13 13:34 . 
2010-02-24 23:50 -------- d-----w- c:\users\Seblon\AppData\Roaming\Winamp 2010-08-12 19:52 . 2010-07-11 07:34 -------- d-----w- c:\program files\ICQ7.2 2010-08-11 13:45 . 2010-02-24 23:15 -------- d-----w- c:\users\Seblon\AppData\Roaming\FileZilla 2010-08-09 18:38 . 2010-04-28 13:33 -------- d-----w- c:\program files\Movie Maker 2.6 2010-08-09 18:22 . 2010-08-09 18:21 -------- d--h--w- c:\program files\Temp 2010-08-09 18:21 . 2010-08-09 18:21 -------- d-----w- c:\program files\Realtek 2010-08-09 18:21 . 2010-02-24 23:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-09 18:17 . 2010-08-09 18:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf 2010-08-09 18:10 . 2010-08-09 18:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01007.Wdf 2010-08-02 14:39 . 2010-03-08 12:40 -------- d-----w- c:\program files\Messenger Plus! Live 2010-08-02 06:19 . 2010-02-26 16:11 1 ----a-w- c:\users\Seblon\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-07-26 10:09 . 2009-07-14 08:47 643866 ----a-w- c:\windows\system32\perfh007.dat 2010-07-26 10:09 . 2009-07-14 08:47 126394 ----a-w- c:\windows\system32\perfc007.dat 2010-07-25 07:58 . 2010-02-24 23:57 -------- d-----w- c:\program files\SpacialAudio 2010-07-24 19:34 . 2010-02-24 23:50 -------- d-----w- c:\program files\Winamp 2010-07-19 18:04 . 2010-02-24 23:01 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-07-19 16:20 . 2010-06-17 13:52 1585608 ----a-w- c:\programdata\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe 2010-07-07 14:11 . 2010-06-21 13:33 -------- d-----w- c:\program files\LimeWire 2010-07-02 11:47 . 2010-07-02 11:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-07-02 11:47 . 2010-07-02 07:02 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-07-02 11:46 . 2010-07-02 11:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-07-02 11:45 . 
2010-04-28 12:34 -------- d-----w- c:\program files\Lavasoft 2010-07-02 11:45 . 2010-07-02 11:45 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-07-01 16:35 . 2010-02-24 23:52 -------- d-----w- c:\program files\TeamSpeak 3 Client 2010-06-27 11:58 . 2010-06-27 11:58 -------- d-----w- c:\program files\Gamigo Games 2010-06-27 10:53 . 2010-06-27 10:53 -------- d-----w- c:\programdata\PMB Files 2010-06-27 10:52 . 2010-06-27 10:52 -------- d-----w- c:\program files\Pando Networks 2010-06-24 18:03 . 2010-05-07 19:10 -------- d-----w- c:\programdata\Zylom 2010-06-21 13:32 . 2010-06-21 13:02 -------- d-----w- c:\program files\Filetopia3 2010-06-17 14:17 . 2010-06-17 14:17 1662976 ----a-w- c:\programdata\Skype\Plugins\Plugins\5F4F26549C094CDEA4BA0531F053A953\LoveChat.dll 2010-06-17 14:10 . 2010-06-17 14:10 53760 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll 2010-06-17 14:10 . 2010-06-17 14:10 868352 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe 2010-06-17 14:10 . 2010-06-17 14:10 640000 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll 2010-06-17 14:10 . 2010-06-17 14:10 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll 2010-06-17 14:06 . 2010-06-17 14:06 1856000 ----a-w- c:\programdata\Skype\Plugins\Plugins\C764B54920584E4DB6ED22C76181C663\Skype_ICQ.dll 2010-06-17 13:50 . 2010-06-17 13:50 444416 ----a-w- c:\programdata\Skype\Plugins\Plugins\CED7EA9B9D5D4C368001CEC627017007\setup.exe 2010-06-17 13:50 . 2010-06-17 13:50 29184 ----a-w- c:\programdata\Skype\Plugins\Plugins\CED7EA9B9D5D4C368001CEC627017007\WBMLauncher.exe 2010-06-08 15:41 . 2010-04-21 18:07 115584 ----a-w- c:\programdata\WebEx\WebEx\926\atasnt40.dll 2010-06-02 08:28 . 
2010-06-09 08:04 865792 ----a-w- c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-06-23 110592] "ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-09 133432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Motor_Tracking_Tool"="c:\windows\Twain_32\USB2.0 Motor Tracking Camera\MTTool.exe" [2006-08-22 602168] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-05-23 253952] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-21 217088] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-17 1565992] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-03 
135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-03 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-03 143872] c:\users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ AnGeL.exe - Verknpfung.lnk - d:\c\seblon\Desktop\Bot\AnGeL.exe [2010-2-24 507904] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-25 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Seblon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner] 2010-07-23 14:49 1755960 ----a-w- c:\program files\CCleaner\CCleaner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 15:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\STICAP] 2005-07-07 15:27 151552 ----a-w- c:\windows\twain_32\USB2.0 Motor Tracking Camera\SnapTrap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-02 1352832] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-05-06 23456] R3 SQTECH930B;USB 2.0 Motor Tracking Camera;c:\windows\system32\Drivers\Capt930b.sys [2006-09-07 376374] R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720] R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328] R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-02 64288] S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 108289] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 65536] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 1527893] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - BMLoad *Deregistered* - jzhkpqtl [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] 
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners 2010-08-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:46] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.youth-fm.de/index.htm IE: Google AdSense Preview-Tool - hxxp://pagead2.googlesyndication.com/pagead/preview/de/preview.html IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.youth-fm.de/ FF - component: c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll FF - component: c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Seblon\AppData\Roaming\Mozilla\plugins\npatgpc.dll ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - true FF - user.js: browser.sessionstore.resume_from_crash - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wxpSvc] "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jzhkpqtl] . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\taskhost.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\conhost.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\windows\system32\igfxsrvc.exe c:\users\Seblon\AppData\Roaming\T-Mobile Internet Manager\ouc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-08-15 19:43:16 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-08-15 17:43 ComboFix2.txt 2010-08-14 23:28 Vor Suchlauf: 29 Verzeichnis(se), 45.363.085.312 Bytes frei Nach Suchlauf: 31 Verzeichnis(se), 45.211.250.688 Bytes frei - - End Of File - - D2014812958B3042F34FDFF4AFBD6BFC |
15.08.2010, 19:32 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool won't run the second time either, just skip it and run only OSAM. Then download the bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you have to run the remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything the remover.exe outputs.
__________________ Please always post logfiles in CODE tags |
15.08.2010, 21:01 | #15 |
| RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-08-15 21:59:33 Windows 6.1.7600 Running: i8x9d6uf.exe; Driver: C:\Users\Seblon\AppData\Local\Temp\kxryrkob.sys ---- System - GMER 1.0.15 ---- SSDT 8C7090E4 ZwCreateThread SSDT 8C7090D0 ZwOpenProcess SSDT 8C7090D5 ZwOpenThread SSDT 8C7090DF ZwTerminateProcess INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83049AF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83049104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830493F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83031634 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83031898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830491DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83049958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830496F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83049F2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8304A1A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C62599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C86F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82C8E85C 4 Bytes [E4, 90, 70, 8C] {IN AL, 0x90; JO 0xffffffffffffff90}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82C8E9F8 4 Bytes [D0, 90, 70, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 508 82C8EA18 4 Bytes JMP F359BF9F
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82C8ECC8 4 Bytes [DF, 90, 70, 8C]
? System32\Drivers\jzhkpqtl.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
.text peauth.sys AC89AC9D 28 Bytes [1E, AC, AD, 53, AD, 4F, 70, ...]
.text peauth.sys AC89ACC1 28 Bytes [1E, AC, AD, 53, AD, 4F, 70, ...]
PAGE peauth.sys AC8A0E20 101 Bytes [26, 0D, FC, 0E, BC, 4A, 10, ...]
PAGE peauth.sys AC8A102C 1 Byte [41]
PAGE peauth.sys AC8A102C 102 Bytes [41, 55, 46, D5, AB, 0C, 73, ...]
? C:\Users\Seblon\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73F72494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73F55624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73F556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73F7250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73F68573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73F64D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73F650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73F651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73F666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73F682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73F68819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73F6907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73F6E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73F64C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 871BC480
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\ACPI_HAL \Device\00000063 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015831212e7
Reg HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015831212e7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\jzhkpqtl@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\jzhkpqtl@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\jzhkpqtl@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\jzhkpqtl@Group Boot Bus Extender
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1

---- EOF - GMER 1.0.15 ----