
Pests of all kinds and how to fight them: RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys

Windows 7 If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection.

13.08.2010, 07:34   #1
seblon
 
RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys



Good morning,
unfortunately I have fallen victim to a rootkit that apparently cannot be removed.
Both Avira AntiVir and Malwarebytes report RKIT/Bubnix.AU in the file C:\Windows\System32\drivers\jzhkpqtl.sys

I have already tried to remove it with AntiVir. Without success; the logfile then says:
Quote:
Starting disinfection:
C:\Windows\System32\drivers\jzhkpqtl.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Bubnix.AU
[WARNING] An error occurred while trying to create a backup copy of the file, and the file was not deleted. Error number: 26004
[WARNING] The source file could not be found.
[NOTE] An attempt is being made to carry out the action using the ARK Library.
[WARNING] Error in the ARK Library
AntiVir then asks me whether I want to delete the file on the next reboot; when I click yes, however, I get the message: file could not be marked for deletion.

Malwarebytes tells me:
Quote:
Infected files:
C:\Windows\system32\Drivers\jzhkpqtl.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
and reports that the PC has to be restarted to complete the deletion.

After a reboot and another scan, however, the rootkit is found again in the same file.

13.08.2010, 08:16   #2
cosinus
 
RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys



Quote:
Both Avira AntiVir and Malwarebytes report RKIT/Bubnix.AU in the file C:\Windows\System32\drivers\jzhkpqtl.sys
Please always post complete logfiles!
Especially the one from Malwarebytes!

I also need logs from OTL:

System scan with OTL

Please download OTL from Oldtimer and save it to your Desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.
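Once the OTL logs are posted, the first pass is a triage of the indicator classes OTL labels: services or drivers whose binary is missing, Firefox proxy preferences pointing at an outside host, UAC switched off, autorun entries with no publisher, and cached removable-media autorun commands. The script below is an added example for that triage, not part of this thread and not OldTimer's tool; its sample input is constructed in OTL's line format, modelled on the kinds of entries that appear in the log posted in reply #3, and the rule names, severities and thresholds are my own choices. Flagged lines are leads for the helper to look at, not verdicts. It also checks whether a driver file that the AV names is enumerated in OTL's DRV section at all, since a driver the scanner sees on disk but the enumeration does not list is worth a closer look.

```python
import ipaddress
import re

# Constructed sample in OTL's line format (not a copy of the log in this thread).
SAMPLE_LOG = r"""
SRV - (Vsssat) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
FF - prefs.js..network.proxy.http: "200.63.17.162"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.backup.http: "200.63.17.162"
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,samsung.router"
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - Startup: C:\Users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnGeL.exe.lnk = D:\c\seblon\Desktop\Bot\AnGeL.exe (-)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
"""

# Service/driver registered in the registry but OTL could not find its file on disk.
# Often an uninstall leftover, but a rootkit hiding its own file looks the same.
MISSING_BIN = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\).*File not found")
# Active Firefox proxy prefs (the .backup.* copies are deliberately not matched).
PROXY_HOST = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<proto>http|ssl|ftp|socks|gopher): "(?P<host>[^"]*)"'
)
UAC = re.compile(r"^O6 - .*EnableLUA = (?P<value>\d+)")
# OTL ends autorun lines with the file's publisher in parentheses; "()" or "(-)" means none.
AUTORUN = re.compile(r"^O4 - .*\((?P<vendor>[^()]*)\)\s*$")
MOUNTPOINT = re.compile(r'^O33 - MountPoints2\\.*\\AutoRun\\command - "" = (?P<cmd>.+)$')
DRV_LINE = re.compile(r"^DRV - \([^)]+\).*?-- (?P<path>.+?\.sys)", re.IGNORECASE)


def proxy_is_external(host: str) -> bool:
    """True when a proxy host is neither loopback nor on a private/link-local range."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname rather than an IP: anything other than localhost deserves a look.
        return host.strip().lower() not in ("", "localhost")
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage(log_text: str) -> list[dict]:
    """Run the indicator rules over OTL-format lines; returns one dict per hit."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := MISSING_BIN.match(line):
            findings.append({"severity": "medium", "rule": "missing_binary",
                             "detail": f"{m['kind']} {m['name']}: registered but its file is not on disk",
                             "line": line})
        elif (m := PROXY_HOST.match(line)) and proxy_is_external(m["host"]):
            findings.append({"severity": "high", "rule": "external_proxy",
                             "detail": f"Firefox {m['proto']} proxy points at {m['host']}",
                             "line": line})
        elif (m := UAC.match(line)) and m["value"] == "0":
            findings.append({"severity": "medium", "rule": "uac_disabled",
                             "detail": "EnableLUA = 0: UAC is switched off", "line": line})
        elif (m := AUTORUN.match(line)) and m["vendor"].strip() in ("", "-"):
            findings.append({"severity": "medium", "rule": "autorun_no_publisher",
                             "detail": "autorun entry with no publisher information", "line": line})
        elif m := MOUNTPOINT.match(line):
            findings.append({"severity": "low", "rule": "removable_autorun",
                             "detail": f"cached removable-media autorun: {m['cmd']}", "line": line})
    return findings


def driver_listed(log_text: str, filename: str) -> bool:
    """True if OTL's driver-service section enumerates a .sys file with this name.

    A driver the AV reports on disk but OTL does not list is worth a closer look:
    the service may be hidden from the enumeration, or it may already be gone.
    """
    wanted = "\\" + filename.lower()
    for raw in log_text.splitlines():
        m = DRV_LINE.match(raw.strip())
        if m and m["path"].lower().endswith(wanted):
            return True
    return False


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['rule']:22} {f['detail']}")
    for name in ("avipbb.sys", "jzhkpqtl.sys"):
        print(f"{name}: {'listed' if driver_listed(SAMPLE_LOG, name) else 'NOT listed'} in DRV section")
```

To use it on a real OTL.txt, read the file and pass its contents to triage(); the checks work line by line, so a truncated paste still yields whatever indicators survive in it.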

13.08.2010, 08:49   #3
seblon
 
RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys



OTL.txt:
Code:
OTL logfile created on: 13.08.2010 09:30:47 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Seblon\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 42,47 Gb Free Space | 60,98% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 26,69 Gb Free Space | 38,33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEBLON-LAPTOP
Current User Name: Seblon
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Seblon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gamigo Games\Fiesta Online(EU_German)\Fiesta.bin ()
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\Seblon\AppData\Roaming\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Winamp\Elevator.exe ()
PRC - C:\Programme\Winamp\winamp.exe (Nullsoft)
PRC - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
PRC - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Seblon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Vsssat) --  File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (wxpSvc) -- C:\Program Files\wLite\wService.exe (Moonware Studios)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (SQTECH930B) -- C:\Windows\System32\drivers\Capt930b.sys ()
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.youth-fm.de/index.htm
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.youth-fm.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.4
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: beta@linkdiagnosis.com:2.2.41
FF - prefs.js..extensions.enabledItems: {E9A4B2C3-9857-4873-BA67-FB4271257B20}:1.3.2
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.8.3
FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.backup.ftp: "200.63.17.162"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "200.63.17.162"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "200.63.17.162"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "200.63.17.162"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "200.63.17.162"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "200.63.17.162"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "200.63.17.162"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,samsung.router"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "200.63.17.162"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "200.63.17.162"
FF - prefs.js..network.proxy.ssl_port: 8080
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.26 10:03:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.22 14:38:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.07.22 14:38:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.22 14:38:35 | 000,000,000 | ---D | M]
 
[2010.06.21 15:36:13 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Extensions
[2010.06.21 15:36:13 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.08.13 04:37:38 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions
[2010.05.28 15:36:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.25 01:04:10 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.02.25 01:04:11 | 000,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
[2010.02.25 01:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{a880aeee-06f6-48e7-87c5-876fb64a2a56}
[2010.02.25 01:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010.02.25 01:04:12 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2010.06.09 10:04:05 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010.02.25 01:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\{E9A4B2C3-9857-4873-BA67-FB4271257B20}
[2010.06.02 10:12:06 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\beta@linkdiagnosis.com
[2010.02.25 01:04:06 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.03.07 23:42:06 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010.05.28 15:36:32 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\firebug@software.joehewitt.com
[2010.03.10 10:45:28 | 000,000,000 | ---D | M] -- C:\Users\Seblon\AppData\Roaming\mozilla\Firefox\Profiles\pa69l60d.default\extensions\yslow@yahoo-inc.com
[2009.07.16 16:29:14 | 000,001,720 | ---- | M] () -- C:\Users\Seblon\AppData\Roaming\Mozilla\FireFox\Profiles\pa69l60d.default\searchplugins\aol-search.xml
[2010.08.09 09:19:37 | 000,000,947 | ---- | M] () -- C:\Users\Seblon\AppData\Roaming\Mozilla\FireFox\Profiles\pa69l60d.default\searchplugins\icqplugin.xml
[2009.05.21 10:08:00 | 000,002,167 | ---- | M] () -- C:\Users\Seblon\AppData\Roaming\Mozilla\FireFox\Profiles\pa69l60d.default\searchplugins\oneview.xml
[2010.08.13 04:37:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.16 09:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.02 23:47:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.02 23:47:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.02 23:47:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.02 23:47:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.02 23:47:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Alexa) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Programme\Alexa Toolbar\AlxTB2.9.39.dll (Alexa Internet, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Motor_Tracking_Tool] C:\Windows\twain_32\USB2.0 Motor Tracking Camera\MTTool.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnGeL.exe - Verknüpfung.lnk = D:\c\seblon\Desktop\Bot\AnGeL.exe (-)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.13 09:28:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Seblon\Desktop\OTL.exe
[2010.08.13 08:19:44 | 128,750,008 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Users\Seblon\Desktop\Ad-AwareInstall.exe
[2010.08.13 07:01:01 | 000,000,000 | ---D | C] -- C:\Users\Seblon\AppData\Roaming\Malwarebytes
[2010.08.13 07:00:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 07:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 07:00:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 07:00:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.13 06:58:04 | 006,153,648 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Seblon\Desktop\mbam-setup.exe
[2010.08.10 13:23:15 | 000,000,000 | ---D | C] -- C:\Programme\seRapid
[2010.08.09 20:44:08 | 000,398,848 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\TVWizudlg.exe
[2010.08.09 20:44:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010.08.09 20:39:53 | 000,997,912 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2010.08.09 20:39:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010.08.09 20:38:50 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.08.09 20:38:16 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2010.08.09 20:35:01 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.09 20:35:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.09 20:35:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.09 20:35:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.09 20:34:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.09 20:34:11 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.09 20:34:11 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.09 20:33:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.08.09 20:33:55 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.08.09 20:33:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.08.09 20:33:15 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.08.09 20:33:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.08.09 20:22:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.08.09 20:21:57 | 002,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.08.09 20:21:57 | 002,745,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.08.09 20:21:57 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010.08.09 20:21:57 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010.08.09 20:21:57 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.08.09 20:21:57 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010.08.09 20:21:57 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010.08.09 20:21:57 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010.08.09 20:21:57 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010.08.09 20:21:57 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010.08.09 20:21:57 | 000,052,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2010.08.09 20:21:56 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010.08.09 20:21:56 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010.08.09 20:21:56 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010.08.09 20:21:56 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010.08.09 20:21:56 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010.08.09 20:21:55 | 000,266,240 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010.08.09 20:21:55 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2010.08.09 20:21:55 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2010.08.09 20:21:55 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.08.09 20:21:51 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.08.09 20:21:51 | 000,000,000 | -H-D | C] -- C:\Programme\Temp
[2010.08.09 20:17:47 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2010.08.09 20:17:10 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2010.08.09 20:17:09 | 000,229,040 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys
[2010.08.09 20:17:09 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCtrl.dll
[2010.08.09 20:17:09 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll
[2010.08.09 20:17:09 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPAPI.dll
[2010.08.09 20:17:09 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo4.dll
[2010.08.09 20:11:05 | 000,330,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2010.08.09 20:10:24 | 000,000,000 | ---D | C] -- C:\Programme\Apoint2K
[2010.08.09 20:09:58 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2010.08.09 20:09:58 | 000,203,824 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys
[2010.08.09 20:09:58 | 000,108,606 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll
[2010.08.09 20:09:28 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2010.08.09 20:08:25 | 000,000,000 | ---D | C] -- C:\Programme\Broadcom
[2010.08.09 20:03:21 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.08.09 20:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2010.08.09 20:02:40 | 000,000,000 | ---D | C] -- C:\Intel
[2010.08.09 20:01:52 | 000,000,000 | ---D | C] -- C:\Programme\Option
[2010.08.09 19:51:43 | 000,604,672 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\netr28.sys
[2010.08.09 19:51:43 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2010.08.09 19:51:43 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010.08.09 19:46:09 | 001,781,760 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2010.08.09 19:46:09 | 000,000,000 | ---D | C] -- C:\Programme\Atheros
[2010.08.09 19:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010.08.09 19:45:37 | 000,000,000 | ---D | C] -- C:\Users\Seblon\AppData\Roaming\InstallShield
[2010.08.09 19:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2010.08.07 14:30:16 | 000,000,000 | ---D | C] -- C:\Users\Seblon\Documents\Fiesta
[2010.07.25 15:59:48 | 000,000,000 | ---D | C] -- C:\Windows\Presets
[2010.07.25 10:59:54 | 000,000,000 | ---D | C] -- C:\Programme\VirtualDJ
[2010.07.25 08:28:20 | 000,000,000 | ---D | C] -- C:\Programme\No23Live
[2010.07.24 21:48:54 | 000,000,000 | ---D | C] -- C:\Programme\edcast
[2010.07.22 14:35:21 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.07.22 14:30:48 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.07.20 13:27:54 | 000,000,000 | ---D | C] -- C:\Users\Seblon\Desktop\youthfm
[2010.07.19 23:41:06 | 000,000,000 | ---D | C] -- C:\Users\Seblon\Desktop\yfm und im
[2010.07.19 20:04:08 | 000,000,000 | ---D | C] -- C:\Users\Seblon\AppData\Roaming\DivX
[2010.07.19 20:03:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.07.19 20:02:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.07.19 19:58:49 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.07.19 19:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.13 09:39:28 | 003,407,872 | -HS- | M] () -- C:\Users\Seblon\NTUSER.DAT
[2010.08.13 09:37:49 | 000,741,376 | ---- | M] () -- C:\Windows\System32\drivers\jzhkpqtl.sys
[2010.08.13 09:28:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Seblon\Desktop\OTL.exe
[2010.08.13 08:28:54 | 128,750,008 | ---- | M] (Lavasoft) -- C:\Users\Seblon\Desktop\Ad-AwareInstall.exe
[2010.08.13 08:12:21 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\amde.sys
[2010.08.13 08:03:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 08:03:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 07:58:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.13 07:58:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.13 07:58:28 | 2359,980,032 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.13 07:57:42 | 001,905,824 | -H-- | M] () -- C:\Users\Seblon\AppData\Local\IconCache.db
[2010.08.13 07:52:47 | 000,013,351 | ---- | M] () -- C:\Users\Seblon\AppData\Roaming\phpdesigner2007pe.xml
[2010.08.13 07:00:47 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 06:58:47 | 006,153,648 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Seblon\Desktop\mbam-setup.exe
[2010.08.10 13:33:13 | 000,001,094 | ---- | M] () -- C:\Windows\seRapid.INI
[2010.08.10 13:23:15 | 000,000,899 | ---- | M] () -- C:\Users\Seblon\Desktop\InfoRapid Suchen & Ersetzen.lnk
[2010.08.10 13:22:58 | 001,045,824 | ---- | M] () -- C:\Users\Seblon\Desktop\se.exe
[2010.08.09 20:42:59 | 000,319,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.09 20:17:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.08.09 20:10:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01007.Wdf
[2010.08.09 20:08:19 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2010.08.09 19:32:55 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI
[2010.07.30 16:45:46 | 000,029,810 | ---- | M] () -- C:\Users\Seblon\Desktop\einladung-gray.jpg
[2010.07.30 16:43:43 | 000,043,506 | ---- | M] () -- C:\Users\Seblon\Desktop\einladung.jpg
[2010.07.27 15:15:03 | 000,018,065 | ---- | M] () -- C:\Users\Seblon\Desktop\traum.jpg
[2010.07.27 15:12:59 | 000,008,288 | ---- | M] () -- C:\Users\Seblon\Desktop\Herz.gif
[2010.07.27 01:49:33 | 000,035,122 | ---- | M] () -- C:\Users\Seblon\Documents\getränkemarken.odt
[2010.07.27 01:24:56 | 000,003,029 | ---- | M] () -- C:\Users\Seblon\Desktop\marke.jpg
[2010.07.26 12:09:02 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.26 12:09:02 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.26 12:09:02 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.26 12:09:02 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.26 12:09:02 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.25 11:00:34 | 000,000,923 | ---- | M] () -- C:\Users\Seblon\Desktop\Virtual DJ.lnk
[2010.07.25 09:58:42 | 000,002,048 | ---- | M] () -- C:\Users\Seblon\Desktop\SimpleCast.lnk
[2010.07.25 08:28:22 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\No23Live.lnk
[2010.07.24 21:55:02 | 000,000,989 | ---- | M] () -- C:\Users\Seblon\Desktop\edcast.lnk
[2010.07.22 19:33:47 | 000,000,572 | ---- | M] () -- C:\Windows\win.ini
[2010.07.18 16:46:57 | 000,016,896 | ---- | M] () -- C:\Users\Seblon\Documents\flug18-07.doc
[2010.07.18 16:38:35 | 000,069,808 | ---- | M] () -- C:\Users\Seblon\Documents\flug18-07.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.13 08:12:21 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\amde.sys
[2010.08.13 07:00:47 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.10 13:33:07 | 000,001,094 | ---- | C] () -- C:\Windows\seRapid.INI
[2010.08.10 13:23:15 | 000,000,899 | ---- | C] () -- C:\Users\Seblon\Desktop\InfoRapid Suchen & Ersetzen.lnk
[2010.08.10 13:22:50 | 001,045,824 | ---- | C] () -- C:\Users\Seblon\Desktop\se.exe
[2010.08.09 20:44:08 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.08.09 20:44:08 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2010.08.09 20:21:58 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010.08.09 20:21:58 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.08.09 20:21:58 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.08.09 20:21:58 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.08.09 20:21:58 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.08.09 20:21:58 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010.08.09 20:17:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.08.09 20:10:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01007.Wdf
[2010.08.09 20:08:29 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.08.09 19:51:43 | 000,353,812 | ---- | C] () -- C:\Windows\System32\netr28.inf
[2010.08.09 19:51:43 | 000,021,606 | ---- | C] () -- C:\Windows\System32\netr28.cat
[2010.08.09 19:51:43 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010.08.09 19:46:09 | 000,330,449 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2010.08.09 19:46:09 | 000,053,090 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2010.08.09 19:32:55 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2010.08.01 20:43:07 | 000,530,512 | ---- | C] () -- C:\Users\Seblon\Desktop\3jahre.mp3
[2010.07.30 16:45:46 | 000,029,810 | ---- | C] () -- C:\Users\Seblon\Desktop\einladung-gray.jpg
[2010.07.30 16:43:43 | 000,043,506 | ---- | C] () -- C:\Users\Seblon\Desktop\einladung.jpg
[2010.07.27 15:15:03 | 000,018,065 | ---- | C] () -- C:\Users\Seblon\Desktop\traum.jpg
[2010.07.27 15:12:58 | 000,008,288 | ---- | C] () -- C:\Users\Seblon\Desktop\Herz.gif
[2010.07.27 01:49:30 | 000,035,122 | ---- | C] () -- C:\Users\Seblon\Documents\getränkemarken.odt
[2010.07.27 01:24:56 | 000,003,029 | ---- | C] () -- C:\Users\Seblon\Desktop\marke.jpg
[2010.07.25 11:00:34 | 000,000,923 | ---- | C] () -- C:\Users\Seblon\Desktop\Virtual DJ.lnk
[2010.07.25 09:58:42 | 000,002,048 | ---- | C] () -- C:\Users\Seblon\Desktop\SimpleCast.lnk
[2010.07.25 08:28:22 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\No23Live.lnk
[2010.07.24 21:55:02 | 000,000,989 | ---- | C] () -- C:\Users\Seblon\Desktop\edcast.lnk
[2010.07.18 16:38:33 | 000,069,808 | ---- | C] () -- C:\Users\Seblon\Documents\flug18-07.pdf
[2010.05.18 10:22:15 | 000,741,376 | ---- | C] () -- C:\Windows\System32\drivers\jzhkpqtl.sys
[2010.04.22 18:53:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.04.22 18:51:55 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.22 18:51:32 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.17 13:00:17 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.04.06 15:47:21 | 000,015,363 | ---- | C] () -- C:\Windows\930TwCfg.INI
[2010.04.06 15:47:18 | 000,376,374 | ---- | C] () -- C:\Windows\System32\drivers\Capt930b.sys
[2010.04.06 15:47:18 | 000,025,728 | ---- | C] () -- C:\Windows\System32\drivers\Camd930b.sys
[2010.03.23 16:46:20 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.25 02:00:06 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2004.02.24 17:09:30 | 000,045,568 | ---- | C] () -- C:\Windows\System32\xWSock32.dll
[2003.10.10 16:12:58 | 000,141,824 | ---- | C] () -- C:\Windows\System32\xmenu2.dll
[2002.08.09 11:10:04 | 000,017,408 | ---- | C] () -- C:\Windows\System32\xNSLookup.dll
< End of report >

Extras.txt:
OTL Extras logfile created on: 13.08.2010 09:30:47 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Seblon\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 42,47 Gb Free Space | 60,98% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 26,69 Gb Free Space | 38,33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEBLON-LAPTOP
Current User Name: Seblon
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32EF7022-B623-4B6A-B41D-400558207243}_is1" = Company Logo Designer 2.xx
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1482E0-7119-4A66-BBF1-FFD95A6BA16C}" = No23Live
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = Driver Installer 
"{892772D7-1A4D-45A8-86E3-1D6CE9543659}" = CadiaFakturaFreeware
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527450C-64B3-11D5-9B31-000021116B62}" = SmartCamera Ver 2.1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{D0AF1483-31AD-4FEB-A961-C9327185439F}" = USB2.0 Motor Tracking Camera
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFA72D36-5C42-4379-A294-9EC88A56D27B}" = Driver Installer
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E11448F2-0B44-4239-B04E-D88FE743E929}" = Officejet J4500 Series
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFE356A6-91C3-450F-A469-504ACA655A7A}_is1" = PADGen 3.1.0.41
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8584160-CC6E-11d5-954F-5254AB1A4DB7}" = Pluto Client
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE773CD-9201-4655-87F3-4E051860D47D}" = Ralink Wireless LAN  v3.0.2.0 Installation Program for Windows7
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alexa Toolbar" = Alexa Toolbar
"AMIP" = AMIP (remove only)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CamStudio" = CamStudio
"Casino.com" = Casino.com
"ColorPic" = ColorPic
"Daolnwod Software Submitter_is1" = Daolnwod Software Submitter 1.5
"Der VerkehrsGigant-Gold Edition" = Der VerkehrsGigant-Gold Edition
"DivX Setup.divx.com" = DivX-Setup
"DriverAgent.exe" = DriverAgent by eSupport.com
"FBDBServer_1_5_is1" = Firebird 1.5.2.4731
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.02.093
"FileZilla Client" = FileZilla Client 3.3.2.1
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"HD Tune_is1" = HD Tune 2.55
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"InfoRapid Suchen & Ersetzen" = InfoRapid Suchen & Ersetzen
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"PaRaMeter_is1" = PaRaMeter 1.3
"PHP Designer 2007 - Personal_is1" = PHP Designer 2007 - Personal - version 5.0.2
"SAM3" = SAM Broadcaster (remove only)
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SimpleCast" = SimpleCast (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"Tunnelier" = Bitvise Tunnelier 4.29 (remove only)
"TVWiz" = Intel(R) TV Wizard
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"wLite" = webcamXP Lite
"Wormux" = Wormux
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Imagicon" = Imagicon
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2010 15:29:10 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: skypePM.exe, version: 3.0.0.5, time stamp: 0x2a425e19
 Faulting module name: ezPMUtils.dll, version: 3.0.0.91, time stamp: 0x2a425e19
 Exception code: 0xc0000005  Fault offset: 0x000b49f7  Faulting process ID: 0x22b4
 Faulting application start time: 0x01cb27545af89d55
 Faulting application path: C:\Program Files\Skype\Plugin Manager\skypePM.exe
 Faulting module path: C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll  Report ID: e76fc2a1-936b-11df-91f5-0015831212e7
 
Error - 22.07.2010 08:37:25 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = The application or service "Internet Explorer" could not be shut down.
 
Error - 24.07.2010 15:30:34 | Computer Name = Seblon-Laptop | Source = sc_serv2 | ID = 1
Description = 
 
Error - 24.07.2010 15:30:34 | Computer Name = Seblon-Laptop | Source = sc_serv2 | ID = 1
Description = 
 
Error - 25.07.2010 04:41:21 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_shell32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637
 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
 Exception code: 0xc0000374  Fault offset: 0x000c283b  Faulting process ID: 0x32c0
 Faulting application start time: 0x01cb2bd51df044f2
 Faulting application path: C:\Windows\System32\rundll32.exe
 Faulting module path: C:\Windows\SYSTEM32\ntdll.dll  Report ID: 65ce9491-97c8-11df-91f5-0015831212e7
 
Error - 25.07.2010 04:41:26 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450, time stamp: 0x4aeba271
 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
 Exception code: 0xc0000374  Fault offset: 0x000c283b  Faulting process ID: 0xd10
 Faulting application start time: 0x01cb1daeece5f60f
 Faulting application path: C:\Windows\Explorer.EXE
 Faulting module path: C:\Windows\SYSTEM32\ntdll.dll  Report ID: 692e46f7-97c8-11df-91f5-0015831212e7
 
Error - 25.07.2010 04:52:06 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_Shell32.dll, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc637  Name des fehlerhaften Moduls: ntdll.dll,
 Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000374  Fehleroffset:
 0x000c283b  ID des fehlerhaften Prozesses: 0x3a70  Startzeit der fehlerhaften Anwendung:
 0x01cb2bd699e0703f  Pfad der fehlerhaften Anwendung: C:\Windows\system32\rundll32.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e61a8935-97c9-11df-91f5-0015831212e7
 
Error - 31.07.2010 07:28:58 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SAMBC.exe, Version: 1.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdaae  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x00009617  ID des fehlerhaften
 Prozesses: 0xcfc  Startzeit der fehlerhaften Anwendung: 0x01cb2ff6c5c16de1  Pfad der
 fehlerhaften Anwendung: C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: cefe4374-9c96-11df-a799-0015831212e7
 
Error - 05.08.2010 19:04:02 | Computer Name = Seblon-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.1.10,
 Zeitstempel: 0x4c06fc6d  Name des fehlerhaften Moduls: MSVCP80.dll, Version: 8.0.50727.4927,
 Zeitstempel: 0x4a275370  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000100b5  ID des fehlerhaften
 Prozesses: 0x70c  Startzeit der fehlerhaften Anwendung: 0x01cb2e577477a457  Pfad der
 fehlerhaften Anwendung: C:\Program Files\DivX\DivX Update\DivXUpdate.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
Berichtskennung:
 bccc024c-a0e5-11df-a799-0015831212e7
 
Error - 09.08.2010 13:36:05 | Computer Name = Seblon-Laptop | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706be fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB979482)
 
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB979559)
 
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706ba fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software
 - Juli 2010 (KB890830)
 
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB978542)
 
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 (KB980408)
 
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706ba fehlgeschlagen: Kumulatives Sicherheitsupdate für ActiveX Killbits
 für Windows 7 (KB980195)
 
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706ba fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.87.1528.0)
 
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706ba fehlgeschlagen: Microsoft .NET Framework 3.5 SP1-Update für Windows
 7 x86 (KB982526)
 
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB978601)
 
Error - 09.08.2010 14:43:20 | Computer Name = Seblon-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
 
 
< End of report >
         
__________________
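The end of the Extras log above shows two things a helper looks at before deciding the next step: every update install in one burst failing with the same RPC-class error, and a boot/system-start driver (tcpipBM) that did not load. As an added example, not part of the thread or of OTL, the Python below parses OTL's event-log section into records, re-joins the wrapped descriptions, and pulls out the KB numbers, error codes and driver names. The sample text is copied from the entries above; the function names and the two decoded error names (Win32 codes 1722 and 1726 wrapped as HRESULTs) are the example's own and not taken from the log.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample in the layout of OTL's Extras event-log section: one header line per
# event, a "Description = " line, continuation lines indented by one space, and a
# separator line holding a single space. The texts are copied from the log above.
SAMPLE_EVENTS = """\
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB979559)
 
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706ba fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software
 - Juli 2010 (KB890830)
 
Error - 09.08.2010 14:40:46 | Computer Name = Seblon-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800706be fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB979482)
 
Error - 09.08.2010 14:43:20 | Computer Name = Seblon-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   tcpipBM
"""

HEADER_RE = re.compile(
    r"^(Error|Warning|Information) - (\S+ \S+) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)\s*$"
)
# Win32 error codes wrapped as HRESULTs (0x8007xxxx); the two that occur in the log above.
RPC_ERRORS = {
    "0x800706ba": "RPC_S_SERVER_UNAVAILABLE (1722)",
    "0x800706be": "RPC_S_CALL_FAILED (1726)",
}
UPDATE_SOURCE = "Microsoft-Windows-WindowsUpdateClient"


def parse_events(text: str) -> List[Dict]:
    """One dict per event; wrapped description lines are re-joined with single spaces."""
    events: List[Dict] = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            level, when, computer, source, event_id = m.groups()
            events.append({"level": level, "time": when, "computer": computer,
                           "source": source, "id": int(event_id), "description": ""})
            continue
        body = line.strip()
        if not body or not events:
            continue  # separator line, or text before the first header
        if body.startswith("Description ="):
            body = body[len("Description ="):].strip()
        events[-1]["description"] = (events[-1]["description"] + " " + body).strip()
    return events


def summarize(events: List[Dict]) -> Counter:
    """How often each (source, id) pair occurs; a burst of one pair is the first thing to look at."""
    return Counter((e["source"], e["id"]) for e in events)


def failed_updates(events: List[Dict]) -> List[Tuple[str, str, str]]:
    """(KB number, HRESULT, decoded name) for every WindowsUpdateClient install failure (ID 20)."""
    out = []
    for e in events:
        if e["source"] != UPDATE_SOURCE or e["id"] != 20:
            continue
        kb = re.search(r"KB\d+", e["description"])
        hr = re.search(r"0x[0-9A-Fa-f]{8}", e["description"])
        code = hr.group(0).lower() if hr else "?"
        out.append((kb.group(0) if kb else "?", code, RPC_ERRORS.get(code, "unknown")))
    return out


def failed_boot_drivers(events: List[Dict]) -> List[str]:
    """Driver names from Service Control Manager event 7026 (boot/system-start driver failed to load)."""
    names: List[str] = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026 and ":" in e["description"]:
            names.extend(e["description"].rsplit(":", 1)[1].split())
    return names


def review_points(events: List[Dict]) -> List[str]:
    """Plain-language findings to hand to whoever decides the next step."""
    points = []
    by_time = Counter(e["time"] for e in events if e["source"] == UPDATE_SOURCE and e["id"] == 20)
    for when, n in sorted(by_time.items()):
        if n >= 2:
            points.append(f"{n} update installs failed at {when}")
    for kb, code, name in failed_updates(events):
        if code in RPC_ERRORS:
            points.append(f"{kb}: {code} {name}")
    for drv in failed_boot_drivers(events):
        points.append(f"boot/system-start driver did not load: {drv}")
    return points


if __name__ == "__main__":
    for p in review_points(parse_events(SAMPLE_EVENTS)):
        print(p)
```

The parser deliberately keys on the header line only and treats everything else up to the next header as description text, so the one-space separator lines and the wrapped continuation lines in the pasted log do not need special handling. The driver name is reported for review, not classified; whether it is legitimate is something the log alone cannot tell you.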

Alt 13.08.2010, 09:55   #4
cosinus

What about Malwarebytes?

Alt 13.08.2010, 11:09   #5
seblon
 

Oh, sorry, here is Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4423

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.08.2010 07:57:15
mbam-log-2010-08-13 (07-57-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160146
Laufzeit: 26 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\jzhkpqtl.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
         


Alt 13.08.2010, 12:38   #6
cosinus

Please do a full scan with current signatures!
Also post all other Malwarebytes logs, if there are any.

Alt 14.08.2010, 12:05   #7
seblon
 

So, I let Malwarebytes run overnight:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4427

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.08.2010 13:00:20
mbam-log-2010-08-14 (13-00-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 425186
Laufzeit: 5 Stunde(n), 29 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Casino\William Hill CASINO CLUB\_SetupCasino_42ea18_de.exe (Adware.Casino) -> Not selected for removal.
C:\Users\Seblon\Desktop\yfm und im\brutus\BrutusA2.exe (HackTool.Brutus) -> Not selected for removal.
C:\Windows\System32\drivers\jzhkpqtl.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\c\seblon\Desktop\brutus-aet2\BrutusA2.exe (HackTool.Brutus) -> Not selected for removal.
         
I installed the casino deliberately and therefore did not have it removed, and the same goes for Brutus, which I need for testing purposes (to check my web projects and servers).

Alt 14.08.2010, 17:26   #8
cosinus

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
SRV - (Vsssat) --  File not found
FF - prefs.js..network.proxy.backup.ftp: "200.63.17.162"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "200.63.17.162"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "200.63.17.162"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "200.63.17.162"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "200.63.17.162"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "200.63.17.162"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "200.63.17.162"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,samsung.router"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "200.63.17.162"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "200.63.17.162"
FF - prefs.js..network.proxy.ssl_port: 8080
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O33 - MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\Shell - "" = AutoRun
O33 - MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
[2010.08.13 09:37:49 | 000,741,376 | ---- | M] () -- C:\Windows\System32\drivers\jzhkpqtl.sys
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may need to be restarted.
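The OTL fix above strips a set of Firefox network.proxy.* preferences that all point at 200.63.17.162 on port 8080: every protocol, plus the backup.* copies, routed through one external host, which is the classic shape of a browser proxy hijack. As an added example, not part of the thread or of OTL, here is a Python check that parses a prefs.js, flags any proxy host outside the loopback/private ranges, tells active entries from backup copies, and removes the lines the way the fix did. The sample prefs.js is constructed from the entries in the fix; the network.proxy.type line (1 = manual proxy) is an assumption the log did not show, and the function names are the example's own.

```python
import ipaddress
import re
from typing import Dict, List, Union

Pref = Union[str, int, bool]

# prefs.js holds one preference per line:  user_pref("name", value);
# where value is a double-quoted string, an integer, or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

PROXY_PROTOCOLS = ("http", "ssl", "ftp", "socks", "gopher")

# Constructed sample mirroring the entries the OTL fix above removed. The
# network.proxy.type line is an assumption (1 = manual proxy); the log did not show it.
HIJACKED_PREFS = "\n".join(
    [f'user_pref("network.proxy.{p}", "200.63.17.162");' for p in PROXY_PROTOCOLS]
    + [f'user_pref("network.proxy.{p}_port", 8080);' for p in PROXY_PROTOCOLS]
    + [f'user_pref("network.proxy.backup.{p}", "200.63.17.162");' for p in PROXY_PROTOCOLS]
    + [f'user_pref("network.proxy.backup.{p}_port", 8080);' for p in PROXY_PROTOCOLS]
    + ['user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1,samsung.router");',
       'user_pref("network.proxy.share_proxy_settings", true);',
       'user_pref("network.proxy.type", 1);',
       'user_pref("browser.startup.homepage", "about:home");']
)
# A constructed clean profile: only local exemptions, proxy type 0 (no proxy).
CLEAN_PREFS = ('user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");\n'
               'user_pref("network.proxy.type", 0);\n')


def parse_prefs(text: str) -> Dict[str, Pref]:
    """Parse prefs.js into a dict; unexpected value forms are kept as raw text."""
    prefs: Dict[str, Pref] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs


def is_local_host(host: str) -> bool:
    """Loopback, RFC 1918 and link-local targets are ones a user may legitimately set."""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name cannot be judged offline, so it gets reported
    return ip.is_loopback or ip.is_private or ip.is_link_local


def proxy_findings(prefs: Dict[str, Pref]) -> List[Dict]:
    """Every proxy host pref (active and backup.*) that points outside the local network."""
    manual = prefs.get("network.proxy.type") == 1
    findings: List[Dict] = []
    for prefix in ("network.proxy.", "network.proxy.backup."):
        for proto in PROXY_PROTOCOLS:
            key = prefix + proto
            host = prefs.get(key)
            if isinstance(host, str) and host and not is_local_host(host):
                findings.append({
                    "pref": key,
                    "host": host,
                    "port": prefs.get(key + "_port"),
                    # only the non-backup keys take effect, and only with manual proxying on
                    "active": manual and prefix == "network.proxy.",
                })
    return findings


def remove_proxy_prefs(text: str) -> str:
    """Drop every network.proxy.* line, as the OTL fix did; Firefox then uses its defaults."""
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("network.proxy."):
            continue
        kept.append(line)
    return "\n".join(kept) + ("\n" if text.endswith("\n") else "")


if __name__ == "__main__":
    for f in proxy_findings(parse_prefs(HIJACKED_PREFS)):
        print(f)
```

The check is run against the profile's prefs.js with Firefox closed, since Firefox rewrites the file on exit and would put the values back. A hostname rather than an IP is reported too, because an offline check cannot resolve it; and the backup.* copies are included because leaving them behind is enough for the setting to come back when the user toggles share_proxy_settings.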

Alt 14.08.2010, 19:26   #9
seblon
 

I ran it as described. The PC did indeed have to be restarted. After the restart, the following log opened:
Code:
All processes killed
========== OTL ==========
Service Vsssat stopped successfully!
Service Vsssat deleted successfully!
File   File not found not found.
Prefs.js: "200.63.17.162" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "200.63.17.162" removed from network.proxy.backup.gopher
Prefs.js: 8080 removed from network.proxy.backup.gopher_port
Prefs.js: "200.63.17.162" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "200.63.17.162" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "200.63.17.162" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "200.63.17.162" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "200.63.17.162" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1,samsung.router" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "200.63.17.162" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "200.63.17.162" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5586dc-4dcd-11df-bcd4-0015831212e7}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a25250c4-6351-11df-9d3a-0015831212e7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25250c4-6351-11df-9d3a-0015831212e7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a25250c4-6351-11df-9d3a-0015831212e7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a25250cf-6351-11df-9d3a-0015831212e7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25250cf-6351-11df-9d3a-0015831212e7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a25250cf-6351-11df-9d3a-0015831212e7}\ not found.
File G:\AutoRun.exe not found.
File C:\Windows\System32\drivers\jzhkpqtl.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Seblon
->Temp folder emptied: 611281266 bytes
->Temporary Internet Files folder emptied: 52091610 bytes
->Java cache emptied: 22496260 bytes
->FireFox cache emptied: 20786646 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 30161624 bytes
->Flash cache emptied: 2628547 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9252188 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 714,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08142010_201024

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 14.08.2010, 23:42   #10
cosinus

Then please run CF now:

ComboFix

A guide and tutorial for using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

Alt 15.08.2010, 00:33   #11
seblon
 

Code:
ComboFix 10-08-14.02 - Seblon 15.08.2010   1:19.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3001.2166 [GMT 2:00]
ausgeführt von:: c:\users\Seblon\Desktop\cofi.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\alexa toolbar
c:\program files\alexa toolbar\AlxTB2.9.39.dll
c:\program files\alexa toolbar\Uninstall9.exe
c:\windows\system32\win.ini

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-14 bis 2010-08-14  ))))))))))))))))))))))))))))))
.

2010-08-14 23:26 . 2010-08-14 23:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-14 23:08 . 2010-08-14 23:09	--------	d-----w-	c:\program files\CCleaner
2010-08-14 18:10 . 2010-08-14 18:10	--------	d-----w-	C:\_OTL
2010-08-13 05:01 . 2010-08-13 05:01	--------	d-----w-	c:\users\Seblon\AppData\Roaming\Malwarebytes
2010-08-13 05:00 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 05:00 . 2010-08-13 05:00	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-13 05:00 . 2010-08-13 05:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-13 05:00 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-10 11:23 . 2010-08-10 11:23	--------	d-----w-	c:\program files\seRapid
2010-08-09 18:44 . 2009-06-03 08:26	398848	----a-w-	c:\windows\system32\TVWizudlg.exe
2010-08-09 18:44 . 2009-06-03 08:26	140288	----a-w-	c:\windows\system32\igfxtvcx.dll
2010-08-09 18:44 . 2010-08-09 18:44	--------	d-----w-	c:\windows\system32\Lang
2010-08-09 18:39 . 2010-08-09 18:39	--------	d-----w-	c:\windows\system32\x64
2010-08-09 18:39 . 2009-06-03 16:19	997912	----a-w-	c:\windows\system32\igxpun.exe
2010-08-09 18:38 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2010-08-09 18:38 . 2010-08-09 18:38	--------	d-----w-	c:\program files\MSXML 4.0
2010-08-09 18:35 . 2010-05-21 05:18	977920	----a-w-	c:\windows\system32\wininet.dll
2010-08-09 18:34 . 2010-02-27 12:07	3954568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-09 18:34 . 2010-02-27 12:07	3899280	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-09 18:33 . 2010-03-05 07:42	67584	----a-w-	c:\windows\system32\asycfilt.dll
2010-08-09 18:33 . 2010-03-08 21:33	427520	----a-w-	c:\windows\system32\vbscript.dll
2010-08-09 18:33 . 2010-04-23 07:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-08-09 18:33 . 2010-02-27 07:32	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-08-09 18:33 . 2010-02-27 07:32	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-08-09 18:33 . 2010-02-27 07:32	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-08-09 18:33 . 2010-01-09 06:52	132608	----a-w-	c:\windows\system32\cabview.dll
2010-08-09 18:33 . 2010-05-27 07:24	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-08-09 18:33 . 2010-05-27 03:49	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-08-09 18:22 . 2010-08-09 18:22	--------	d-----w-	c:\windows\system32\RTCOM
2010-08-09 18:17 . 2010-08-09 18:17	--------	d-----w-	c:\program files\Synaptics
2010-08-09 18:17 . 2009-08-07 07:49	1461992	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2010-08-09 18:17 . 2009-09-17 18:12	229040	----a-w-	c:\windows\system32\drivers\SynTP.sys
2010-08-09 18:17 . 2009-09-17 18:11	161064	----a-w-	c:\windows\system32\SynTPAPI.dll
2010-08-09 18:17 . 2009-09-17 18:11	120104	----a-w-	c:\windows\system32\SynTPCo4.dll
2010-08-09 18:17 . 2009-09-17 18:11	206120	----a-w-	c:\windows\system32\SynCtrl.dll
2010-08-09 18:17 . 2009-09-17 18:11	169256	----a-w-	c:\windows\system32\SynCOM.dll
2010-08-09 18:11 . 2009-06-04 16:43	330264	----a-w-	c:\windows\system32\drivers\iaStor.sys
2010-08-09 18:10 . 2010-08-09 18:10	--------	d-----w-	c:\program files\Apoint2K
2010-08-09 18:09 . 2009-05-24 17:50	203824	----a-w-	c:\windows\system32\drivers\Apfiltr.sys
2010-08-09 18:09 . 2009-05-08 12:47	108606	----a-w-	c:\windows\system32\Vxdif.dll
2010-08-09 18:09 . 2008-03-27 14:49	1112288	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2010-08-09 18:09 . 2010-08-09 18:09	--------	d-----w-	c:\program files\Cisco
2010-08-09 18:08 . 2010-08-09 18:08	6656	----a-w-	c:\windows\system32\bcmwlrc.dll
2010-08-09 18:08 . 2010-08-09 18:08	--------	d-----w-	c:\program files\Broadcom
2010-08-09 18:03 . 2010-08-09 18:44	--------	d-----w-	c:\program files\Intel
2010-08-09 18:03 . 2009-08-26 13:04	53248	----a-w-	c:\windows\system32\CSVer.dll
2010-08-09 18:02 . 2010-08-09 18:02	--------	d-----w-	C:\Intel
2010-08-09 18:01 . 2010-08-09 18:01	--------	d-----w-	c:\program files\Option
2010-08-09 17:51 . 2010-08-09 17:51	--------	d-----w-	c:\windows\Options
2010-08-09 17:51 . 2009-06-19 13:57	604672	----a-w-	c:\windows\system32\netr28.sys
2010-08-09 17:51 . 2009-06-18 18:07	221184	----a-w-	c:\windows\system32\RaCoInst.dll
2010-08-09 17:51 . 2009-06-18 18:07	13931	----a-w-	c:\windows\system32\RaCoInst.dat
2010-08-09 17:46 . 2010-08-09 17:46	--------	d-----w-	c:\program files\Atheros
2010-08-09 17:46 . 2010-02-12 21:48	1781760	----a-w-	c:\windows\system32\athr.sys
2010-08-09 17:45 . 2010-08-09 17:45	--------	d-----w-	c:\programdata\Atheros
2010-08-09 17:45 . 2010-08-09 17:45	--------	d-----w-	c:\users\Seblon\AppData\Roaming\InstallShield
2010-08-09 17:35 . 2010-08-09 17:35	--------	d-----w-	c:\programdata\Ralink
2010-07-25 13:59 . 2010-07-25 13:59	--------	d-----w-	c:\windows\Presets
2010-07-25 08:59 . 2010-07-25 09:00	--------	d-----w-	c:\program files\VirtualDJ
2010-07-25 06:28 . 2010-07-25 06:31	--------	d-----w-	c:\program files\No23Live
2010-07-24 19:48 . 2010-07-24 20:04	--------	d-----w-	c:\program files\edcast
2010-07-22 12:35 . 2010-07-22 12:35	--------	d-----w-	c:\program files\Apple Software Update
2010-07-22 12:30 . 2010-07-22 12:38	--------	d-----w-	c:\program files\QuickTime
2010-07-19 18:05 . 2010-07-19 18:05	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-19 18:05 . 2010-07-19 17:58	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-07-19 18:05 . 2010-07-19 17:58	895256	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-19 18:04 . 2010-07-19 18:04	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-19 18:04 . 2010-07-19 18:04	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-19 18:04 . 2010-07-19 18:04	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-07-19 18:04 . 2010-07-19 18:04	57715	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-07-19 18:04 . 2010-07-29 16:20	--------	d-----w-	c:\users\Seblon\AppData\Roaming\DivX
2010-07-19 18:02 . 2010-07-19 18:02	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-19 18:02 . 2010-07-19 18:02	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-07-19 18:02 . 2010-07-19 18:02	56969	----a-w-	c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-07-19 17:58 . 2010-07-19 18:04	--------	d-----w-	c:\program files\DivX
2010-07-19 17:58 . 2010-07-19 18:04	--------	d-----w-	c:\programdata\DivX

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 23:16 . 2010-02-24 23:26	--------	d-----w-	c:\users\Seblon\AppData\Roaming\Skype
2010-08-14 23:02 . 2010-02-25 10:51	--------	d-----w-	c:\users\Seblon\AppData\Roaming\ICQ
2010-08-14 22:07 . 2010-02-24 23:27	--------	d-----w-	c:\users\Seblon\AppData\Roaming\skypePM
2010-08-13 13:34 . 2010-02-24 23:50	--------	d-----w-	c:\users\Seblon\AppData\Roaming\Winamp
2010-08-12 19:52 . 2010-07-11 07:34	--------	d-----w-	c:\program files\ICQ7.2
2010-08-11 13:45 . 2010-02-24 23:15	--------	d-----w-	c:\users\Seblon\AppData\Roaming\FileZilla
2010-08-09 18:38 . 2010-04-28 13:33	--------	d-----w-	c:\program files\Movie Maker 2.6
2010-08-09 18:22 . 2010-08-09 18:21	--------	d--h--w-	c:\program files\Temp
2010-08-09 18:21 . 2010-08-09 18:21	--------	d-----w-	c:\program files\Realtek
2010-08-09 18:21 . 2010-02-24 23:32	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-09 18:17 . 2010-08-09 18:17	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-08-09 18:10 . 2010-08-09 18:10	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01007.Wdf
2010-08-02 14:39 . 2010-03-08 12:40	--------	d-----w-	c:\program files\Messenger Plus! Live
2010-08-02 06:19 . 2010-02-26 16:11	1	----a-w-	c:\users\Seblon\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-26 10:09 . 2009-07-14 08:47	643866	----a-w-	c:\windows\system32\perfh007.dat
2010-07-26 10:09 . 2009-07-14 08:47	126394	----a-w-	c:\windows\system32\perfc007.dat
2010-07-25 07:58 . 2010-02-24 23:57	--------	d-----w-	c:\program files\SpacialAudio
2010-07-24 19:34 . 2010-02-24 23:50	--------	d-----w-	c:\program files\Winamp
2010-07-19 18:04 . 2010-02-24 23:01	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-07-19 16:20 . 2010-06-17 13:52	1585608	----a-w-	c:\programdata\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe
2010-07-07 14:11 . 2010-06-21 13:33	--------	d-----w-	c:\program files\LimeWire
2010-07-02 11:47 . 2010-07-02 11:47	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-07-02 11:47 . 2010-07-02 07:02	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-07-02 11:46 . 2010-07-02 11:47	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-07-02 11:45 . 2010-04-28 12:34	--------	d-----w-	c:\program files\Lavasoft
2010-07-02 11:45 . 2010-07-02 11:45	--------	dc-h--w-	c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-07-01 16:35 . 2010-02-24 23:52	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2010-06-27 11:58 . 2010-06-27 11:58	--------	d-----w-	c:\program files\Gamigo Games
2010-06-27 10:53 . 2010-06-27 10:53	--------	d-----w-	c:\programdata\PMB Files
2010-06-27 10:52 . 2010-06-27 10:52	--------	d-----w-	c:\program files\Pando Networks
2010-06-24 18:03 . 2010-05-07 19:10	--------	d-----w-	c:\programdata\Zylom
2010-06-21 13:32 . 2010-06-21 13:02	--------	d-----w-	c:\program files\Filetopia3
2010-06-17 14:17 . 2010-06-17 14:17	1662976	----a-w-	c:\programdata\Skype\Plugins\Plugins\5F4F26549C094CDEA4BA0531F053A953\LoveChat.dll
2010-06-17 14:10 . 2010-06-17 14:10	53760	----a-w-	c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2010-06-17 14:10 . 2010-06-17 14:10	868352	----a-w-	c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2010-06-17 14:10 . 2010-06-17 14:10	640000	----a-w-	c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2010-06-17 14:10 . 2010-06-17 14:10	1712128	----a-w-	c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2010-06-17 14:06 . 2010-06-17 14:06	1856000	----a-w-	c:\programdata\Skype\Plugins\Plugins\C764B54920584E4DB6ED22C76181C663\Skype_ICQ.dll
2010-06-17 13:50 . 2010-06-17 13:50	444416	----a-w-	c:\programdata\Skype\Plugins\Plugins\CED7EA9B9D5D4C368001CEC627017007\setup.exe
2010-06-17 13:50 . 2010-06-17 13:50	29184	----a-w-	c:\programdata\Skype\Plugins\Plugins\CED7EA9B9D5D4C368001CEC627017007\WBMLauncher.exe
2010-06-16 14:09 . 2010-06-16 10:29	--------	d-----w-	c:\programdata\webcamXP 5
2010-06-16 10:30 . 2010-06-16 10:29	--------	d-----w-	c:\program files\wLite
2010-06-08 15:41 . 2010-04-21 18:07	115584	----a-w-	c:\programdata\WebEx\WebEx\926\atasnt40.dll
2010-06-02 08:28 . 2010-06-09 08:04	865792	----a-w-	c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-05-18 08:21 . 2010-05-18 08:21	16	----a-w-	c:\users\Seblon\AppData\Roaming\qvjsge.dat
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-06-23 110592]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-09 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Motor_Tracking_Tool"="c:\windows\Twain_32\USB2.0 Motor Tracking Camera\MTTool.exe" [2006-08-22 602168]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-05-23 253952]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-21 217088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-17 1565992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-03 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-03 143872]

c:\users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AnGeL.exe - Verknpfung.lnk - d:\c\seblon\Desktop\Bot\AnGeL.exe [2010-2-24 507904]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Seblon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-07-23 14:49	1755960	----a-w-	c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STICAP]
2005-07-07 15:27	151552	----a-w-	c:\windows\twain_32\USB2.0 Motor Tracking Camera\SnapTrap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44	85160	----a-w-	c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-02 1352832]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-05-06 23456]
R3 SQTECH930B;USB 2.0 Motor Tracking Camera;c:\windows\system32\Drivers\Capt930b.sys [2006-09-07 376374]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-02 64288]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 108289]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 65536]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 1527893]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]


--- Other Services/Drivers in Memory ---

*Deregistered* - BMLoad
*Deregistered* - jzhkpqtl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youth-fm.de/index.htm
IE: Google AdSense Preview-Tool - hxxp://pagead2.googlesyndication.com/pagead/preview/de/preview.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.youth-fm.de/
FF - component: c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Seblon\AppData\Roaming\Mozilla\plugins\npatgpc.dll

---- FIREFOX Policies ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Orphaned registry entries removed - - - -

Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files\Alexa Toolbar\AlxTB2.9.39.dll



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jzhkpqtl]

.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-15  01:28:55
ComboFix-quarantined-files.txt  2010-08-14 23:28

Pre-Run: 24 directories, 45,653,233,664 bytes free
Post-Run: 29 directories, 45,325,848,576 bytes free

- - End Of File - - 6A899FA733EF4A75E4D4E45FBB0BA51E
         

15.08.2010, 18:20   #12
cosinus


ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
File::
c:\users\Seblon\AppData\Roaming\qvjsge.dat

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jzhkpqtl]

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Deactivate the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

6. After the reboot (you will be asked whether you want to reboot), please post the following log file:
Combofix.txt

Note: The script above was written for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

15.08.2010, 18:44   #13
seblon
 
Done that:
Code:
ComboFix 10-08-14.06 - Seblon 15.08.2010  19:28:11.2.1 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3001.2095 [GMT 2:00]
Run by:: c:\users\Seblon\Desktop\cofi.exe
Command switches used :: c:\users\Seblon\Desktop\CFScript.txt

FILE ::
"c:\users\Seblon\AppData\Roaming\qvjsge.dat"
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Seblon\AppData\Roaming\qvjsge.dat
c:\windows\system32\drivers\dvdmlgs.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_lovcpfkd


(((((((((((((((((((((((   Files Created from 2010-07-15 to 2010-08-15  ))))))))))))))))))))))))))))))
.

2010-08-15 17:35 . 2010-08-15 17:35	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-08-14 23:17 . 2010-08-14 23:29	--------	d-----w-	C:\cofi
2010-08-14 23:08 . 2010-08-14 23:09	--------	d-----w-	c:\program files\CCleaner
2010-08-14 18:10 . 2010-08-14 18:10	--------	d-----w-	C:\_OTL
2010-08-13 05:01 . 2010-08-13 05:01	--------	d-----w-	c:\users\Seblon\AppData\Roaming\Malwarebytes
2010-08-13 05:00 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 05:00 . 2010-08-13 05:00	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-13 05:00 . 2010-08-13 05:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-13 05:00 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-10 11:23 . 2010-08-10 11:23	--------	d-----w-	c:\program files\seRapid
2010-08-09 18:44 . 2009-06-03 08:26	398848	----a-w-	c:\windows\system32\TVWizudlg.exe
2010-08-09 18:44 . 2009-06-03 08:26	140288	----a-w-	c:\windows\system32\igfxtvcx.dll
2010-08-09 18:44 . 2010-08-09 18:44	--------	d-----w-	c:\windows\system32\Lang
2010-08-09 18:39 . 2010-08-09 18:39	--------	d-----w-	c:\windows\system32\x64
2010-08-09 18:39 . 2009-06-03 16:19	997912	----a-w-	c:\windows\system32\igxpun.exe
2010-08-09 18:38 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2010-08-09 18:38 . 2010-08-09 18:38	--------	d-----w-	c:\program files\MSXML 4.0
2010-08-09 18:35 . 2010-05-21 05:18	977920	----a-w-	c:\windows\system32\wininet.dll
2010-08-09 18:34 . 2010-02-27 12:07	3954568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-09 18:34 . 2010-02-27 12:07	3899280	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-09 18:33 . 2010-03-05 07:42	67584	----a-w-	c:\windows\system32\asycfilt.dll
2010-08-09 18:33 . 2010-03-08 21:33	427520	----a-w-	c:\windows\system32\vbscript.dll
2010-08-09 18:33 . 2010-04-23 07:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-08-09 18:33 . 2010-02-27 07:32	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-08-09 18:33 . 2010-02-27 07:32	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-08-09 18:33 . 2010-02-27 07:32	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-08-09 18:33 . 2010-01-09 06:52	132608	----a-w-	c:\windows\system32\cabview.dll
2010-08-09 18:33 . 2010-05-27 07:24	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-08-09 18:33 . 2010-05-27 03:49	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-08-09 18:22 . 2010-08-09 18:22	--------	d-----w-	c:\windows\system32\RTCOM
2010-08-09 18:17 . 2010-08-09 18:17	--------	d-----w-	c:\program files\Synaptics
2010-08-09 18:17 . 2009-08-07 07:49	1461992	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2010-08-09 18:17 . 2009-09-17 18:12	229040	----a-w-	c:\windows\system32\drivers\SynTP.sys
2010-08-09 18:17 . 2009-09-17 18:11	161064	----a-w-	c:\windows\system32\SynTPAPI.dll
2010-08-09 18:17 . 2009-09-17 18:11	120104	----a-w-	c:\windows\system32\SynTPCo4.dll
2010-08-09 18:17 . 2009-09-17 18:11	206120	----a-w-	c:\windows\system32\SynCtrl.dll
2010-08-09 18:17 . 2009-09-17 18:11	169256	----a-w-	c:\windows\system32\SynCOM.dll
2010-08-09 18:11 . 2009-06-04 16:43	330264	----a-w-	c:\windows\system32\drivers\iaStor.sys
2010-08-09 18:10 . 2010-08-09 18:10	--------	d-----w-	c:\program files\Apoint2K
2010-08-09 18:09 . 2009-05-24 17:50	203824	----a-w-	c:\windows\system32\drivers\Apfiltr.sys
2010-08-09 18:09 . 2009-05-08 12:47	108606	----a-w-	c:\windows\system32\Vxdif.dll
2010-08-09 18:09 . 2008-03-27 14:49	1112288	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2010-08-09 18:09 . 2010-08-09 18:09	--------	d-----w-	c:\program files\Cisco
2010-08-09 18:08 . 2010-08-09 18:08	6656	----a-w-	c:\windows\system32\bcmwlrc.dll
2010-08-09 18:08 . 2010-08-09 18:08	--------	d-----w-	c:\program files\Broadcom
2010-08-09 18:03 . 2010-08-09 18:44	--------	d-----w-	c:\program files\Intel
2010-08-09 18:03 . 2009-08-26 13:04	53248	----a-w-	c:\windows\system32\CSVer.dll
2010-08-09 18:02 . 2010-08-09 18:02	--------	d-----w-	C:\Intel
2010-08-09 18:01 . 2010-08-09 18:01	--------	d-----w-	c:\program files\Option
2010-08-09 17:51 . 2010-08-09 17:51	--------	d-----w-	c:\windows\Options
2010-08-09 17:51 . 2009-06-19 13:57	604672	----a-w-	c:\windows\system32\netr28.sys
2010-08-09 17:51 . 2009-06-18 18:07	221184	----a-w-	c:\windows\system32\RaCoInst.dll
2010-08-09 17:51 . 2009-06-18 18:07	13931	----a-w-	c:\windows\system32\RaCoInst.dat
2010-08-09 17:46 . 2010-08-09 17:46	--------	d-----w-	c:\program files\Atheros
2010-08-09 17:46 . 2010-02-12 21:48	1781760	----a-w-	c:\windows\system32\athr.sys
2010-08-09 17:45 . 2010-08-09 17:45	--------	d-----w-	c:\programdata\Atheros
2010-08-09 17:45 . 2010-08-09 17:45	--------	d-----w-	c:\users\Seblon\AppData\Roaming\InstallShield
2010-08-09 17:35 . 2010-08-09 17:35	--------	d-----w-	c:\programdata\Ralink
2010-07-25 13:59 . 2010-07-25 13:59	--------	d-----w-	c:\windows\Presets
2010-07-25 08:59 . 2010-07-25 09:00	--------	d-----w-	c:\program files\VirtualDJ
2010-07-25 06:28 . 2010-07-25 06:31	--------	d-----w-	c:\program files\No23Live
2010-07-24 19:48 . 2010-07-24 20:04	--------	d-----w-	c:\program files\edcast
2010-07-22 12:35 . 2010-07-22 12:35	--------	d-----w-	c:\program files\Apple Software Update
2010-07-22 12:30 . 2010-07-22 12:38	--------	d-----w-	c:\program files\QuickTime
2010-07-19 18:05 . 2010-07-19 18:05	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-19 18:05 . 2010-07-19 17:58	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-07-19 18:05 . 2010-07-19 17:58	895256	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-19 18:04 . 2010-07-19 18:04	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-19 18:04 . 2010-07-19 18:04	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-19 18:04 . 2010-07-19 18:04	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-07-19 18:04 . 2010-07-19 18:04	57715	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-07-19 18:04 . 2010-07-29 16:20	--------	d-----w-	c:\users\Seblon\AppData\Roaming\DivX
2010-07-19 18:02 . 2010-07-19 18:02	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-19 18:02 . 2010-07-19 18:02	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-07-19 18:02 . 2010-07-19 18:02	56969	----a-w-	c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-07-19 17:58 . 2010-07-19 18:04	--------	d-----w-	c:\program files\DivX
2010-07-19 17:58 . 2010-07-19 18:04	--------	d-----w-	c:\programdata\DivX

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 17:24 . 2010-02-24 23:26	--------	d-----w-	c:\users\Seblon\AppData\Roaming\Skype
2010-08-15 17:22 . 2010-02-25 10:51	--------	d-----w-	c:\users\Seblon\AppData\Roaming\ICQ
2010-08-15 14:04 . 2010-02-24 23:27	--------	d-----w-	c:\users\Seblon\AppData\Roaming\skypePM
2010-08-15 09:26 . 2010-08-15 09:26	128	----a-w-	c:\windows\Fonts\unkjbm
2010-08-13 13:34 . 2010-02-24 23:50	--------	d-----w-	c:\users\Seblon\AppData\Roaming\Winamp
2010-08-12 19:52 . 2010-07-11 07:34	--------	d-----w-	c:\program files\ICQ7.2
2010-08-11 13:45 . 2010-02-24 23:15	--------	d-----w-	c:\users\Seblon\AppData\Roaming\FileZilla
2010-08-09 18:38 . 2010-04-28 13:33	--------	d-----w-	c:\program files\Movie Maker 2.6
2010-08-09 18:22 . 2010-08-09 18:21	--------	d--h--w-	c:\program files\Temp
2010-08-09 18:21 . 2010-08-09 18:21	--------	d-----w-	c:\program files\Realtek
2010-08-09 18:21 . 2010-02-24 23:32	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-09 18:17 . 2010-08-09 18:17	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-08-09 18:10 . 2010-08-09 18:10	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01007.Wdf
2010-08-02 14:39 . 2010-03-08 12:40	--------	d-----w-	c:\program files\Messenger Plus! Live
2010-08-02 06:19 . 2010-02-26 16:11	1	----a-w-	c:\users\Seblon\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-26 10:09 . 2009-07-14 08:47	643866	----a-w-	c:\windows\system32\perfh007.dat
2010-07-26 10:09 . 2009-07-14 08:47	126394	----a-w-	c:\windows\system32\perfc007.dat
2010-07-25 07:58 . 2010-02-24 23:57	--------	d-----w-	c:\program files\SpacialAudio
2010-07-24 19:34 . 2010-02-24 23:50	--------	d-----w-	c:\program files\Winamp
2010-07-19 18:04 . 2010-02-24 23:01	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-07-19 16:20 . 2010-06-17 13:52	1585608	----a-w-	c:\programdata\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe
2010-07-07 14:11 . 2010-06-21 13:33	--------	d-----w-	c:\program files\LimeWire
2010-07-02 11:47 . 2010-07-02 11:47	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-07-02 11:47 . 2010-07-02 07:02	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-07-02 11:46 . 2010-07-02 11:47	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-07-02 11:45 . 2010-04-28 12:34	--------	d-----w-	c:\program files\Lavasoft
2010-07-02 11:45 . 2010-07-02 11:45	--------	dc-h--w-	c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-07-01 16:35 . 2010-02-24 23:52	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2010-06-27 11:58 . 2010-06-27 11:58	--------	d-----w-	c:\program files\Gamigo Games
2010-06-27 10:53 . 2010-06-27 10:53	--------	d-----w-	c:\programdata\PMB Files
2010-06-27 10:52 . 2010-06-27 10:52	--------	d-----w-	c:\program files\Pando Networks
2010-06-24 18:03 . 2010-05-07 19:10	--------	d-----w-	c:\programdata\Zylom
2010-06-21 13:32 . 2010-06-21 13:02	--------	d-----w-	c:\program files\Filetopia3
2010-06-17 14:17 . 2010-06-17 14:17	1662976	----a-w-	c:\programdata\Skype\Plugins\Plugins\5F4F26549C094CDEA4BA0531F053A953\LoveChat.dll
2010-06-17 14:10 . 2010-06-17 14:10	53760	----a-w-	c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2010-06-17 14:10 . 2010-06-17 14:10	868352	----a-w-	c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2010-06-17 14:10 . 2010-06-17 14:10	640000	----a-w-	c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2010-06-17 14:10 . 2010-06-17 14:10	1712128	----a-w-	c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2010-06-17 14:06 . 2010-06-17 14:06	1856000	----a-w-	c:\programdata\Skype\Plugins\Plugins\C764B54920584E4DB6ED22C76181C663\Skype_ICQ.dll
2010-06-17 13:50 . 2010-06-17 13:50	444416	----a-w-	c:\programdata\Skype\Plugins\Plugins\CED7EA9B9D5D4C368001CEC627017007\setup.exe
2010-06-17 13:50 . 2010-06-17 13:50	29184	----a-w-	c:\programdata\Skype\Plugins\Plugins\CED7EA9B9D5D4C368001CEC627017007\WBMLauncher.exe
2010-06-08 15:41 . 2010-04-21 18:07	115584	----a-w-	c:\programdata\WebEx\WebEx\926\atasnt40.dll
2010-06-02 08:28 . 2010-06-09 08:04	865792	----a-w-	c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-06-23 110592]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-09 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Motor_Tracking_Tool"="c:\windows\Twain_32\USB2.0 Motor Tracking Camera\MTTool.exe" [2006-08-22 602168]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-05-23 253952]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-21 217088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-17 1565992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-03 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-03 143872]

c:\users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AnGeL.exe - Verknpfung.lnk - d:\c\seblon\Desktop\Bot\AnGeL.exe [2010-2-24 507904]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Seblon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-07-23 14:49	1755960	----a-w-	c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STICAP]
2005-07-07 15:27	151552	----a-w-	c:\windows\twain_32\USB2.0 Motor Tracking Camera\SnapTrap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44	85160	----a-w-	c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-02 1352832]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-05-06 23456]
R3 SQTECH930B;USB 2.0 Motor Tracking Camera;c:\windows\system32\Drivers\Capt930b.sys [2006-09-07 376374]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-02 64288]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 108289]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 65536]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 1527893]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]


--- Other Services/Drivers in Memory ---

*Deregistered* - BMLoad
*Deregistered* - jzhkpqtl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youth-fm.de/index.htm
IE: Google AdSense Preview-Tool - hxxp://pagead2.googlesyndication.com/pagead/preview/de/preview.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.youth-fm.de/
FF - component: c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\users\Seblon\AppData\Roaming\Mozilla\Firefox\Profiles\pa69l60d.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Seblon\AppData\Roaming\Mozilla\plugins\npatgpc.dll

---- FIREFOX Policies ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jzhkpqtl]

.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\users\Seblon\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-08-15  19:43:16 - PC was restarted
ComboFix-quarantined-files.txt  2010-08-15 17:43
ComboFix2.txt  2010-08-14 23:28

Before scan: 29 directories, 45.363.085.312 bytes free
After scan: 31 directories, 45.211.250.688 bytes free

- - End Of File - - D2014812958B3042F34FDFF4AFBD6BFC

15.08.2010, 19:32   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool will not run the second time either, just leave it out and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe from that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search the MBR for malicious changes.
Then please post whether there are changes and, if so, in which device. Best to post everything that remover.exe outputs.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
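The MBR check that the bootkit_remover performs in the steps above can be reproduced by hand. The Python script below is an added example and is not code from the thread or from the bootkit_remover: it parses a 512-byte MBR, checks the 55 AA signature and the partition table, and compares the boot-code region (bytes 0..439) against the SHA-256 of a reference copy. The sample MBR, the reference hash and the simulated bootkit patch are constructed for the demonstration; read_mbr() is the only part that touches a real disk and can be pointed at \\.\PhysicalDrive0 from an elevated prompt, or at a disk image.

```python
"""Parse a 512-byte MBR and compare its boot code with a known-good reference.

Added example for the bootkit check discussed in the thread; it is not the
bootkit_remover's code. The reference hash, the sample MBR and the simulated
bootkit patch are constructed for this demonstration.
"""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot loader code
DISK_SIG_OFF = 440       # bytes 440..443: NT disk signature, 444..445 reserved
PART_TABLE_OFF = 446     # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510       # bytes 510..511 must be 55 AA


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def read_mbr(path: str) -> bytes:
    # Works for a raw device such as \\.\PhysicalDrive0 (elevated prompt on
    # Windows; the 512-byte read is sector aligned) or for a disk image file.
    with open(path, "rb", buffering=0) as f:
        return f.read(MBR_SIZE)


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Decode the four primary partition entries (CHS fields are not checked)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = mbr[off:off + PART_ENTRY_LEN]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        parts.append(Partition(entry[0] == 0x80, entry[4], lba_start, count))
    return parts


def check_mbr(mbr: bytes, reference_boot_code_sha256: str) -> list[str]:
    """Return a list of findings; an empty list means no change was detected."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    findings = []
    if mbr[BOOT_SIG_OFF:] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if digest != reference_boot_code_sha256:
        findings.append(f"boot code differs from reference (sha256 {digest[:16]}...)")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for n, p in enumerate(parts):
        if p.type_id != 0 and p.lba_start == 0:
            findings.append(f"partition {n} (type 0x{p.type_id:02x}) starts at LBA 0")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable NTFS partition starting at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"          # constructed signature
    entry = bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF])
    entry += struct.pack("<II", 2048, 204800)
    table = entry + b"\x00" * (3 * PART_ENTRY_LEN)
    return code + disk_sig + table + b"\x55\xaa"


# Placeholder loader bytes standing in for the clean boot code (constructed,
# not the real Windows MBR). On a real case the hash comes from a clean disk.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb")
REFERENCE_BOOT_CODE_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()

# Simulated bootkit: the first bytes are replaced by a jump into code the
# bootkit keeps elsewhere on the disk; the partition table stays intact so the
# system still boots and nothing looks wrong from inside Windows.
TAMPERED_MBR = b"\xe9\x00\x01" + CLEAN_MBR[3:]

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        findings = check_mbr(mbr, REFERENCE_BOOT_CODE_SHA256)
        print(f"{label}: {findings or 'no changes detected'}")
```

Run as-is to see the clean and the tampered case side by side. For a real check, take the reference hash from a machine of the same Windows version that is known to be clean, not from the machine under investigation, and compare the sector read through the raw device with one read from outside the running system (boot CD or the disk attached to another machine): a rootkit that filters disk reads can hand back the original sector to any tool running under it.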

15.08.2010, 21:01   #15
seblon
 
GMER log file:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-15 21:59:33
Windows 6.1.7600 
Running: i8x9d6uf.exe; Driver: C:\Users\Seblon\AppData\Local\Temp\kxryrkob.sys


---- System - GMER 1.0.15 ----

SSDT            8C7090E4                                                                                                                                                                                                                    ZwCreateThread
SSDT            8C7090D0                                                                                                                                                                                                                    ZwOpenProcess
SSDT            8C7090D5                                                                                                                                                                                                                    ZwOpenThread
SSDT            8C7090DF                                                                                                                                                                                                                    ZwTerminateProcess

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                                                                                    83049AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                                                                                    83049104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                                                                                    830493F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                                                                                    83031634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                                                                                    83031898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                                                                                    830491DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                                                                                    83049958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                                                                                    830496F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                                                                                    83049F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                                                                                                                    8304A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                                                                                                             82C62599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                                      82C86F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                                                                                                                                         82C8E85C 4 Bytes  [E4, 90, 70, 8C] {IN AL, 0x90; JO 0xffffffffffffff90}
.text           ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                                                                                                                         82C8E9F8 4 Bytes  [D0, 90, 70, 8C]
.text           ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                                                                                                                         82C8EA18 4 Bytes  JMP F359BF9F 
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                                                                                                                         82C8ECC8 4 Bytes  [DF, 90, 70, 8C]
?               System32\Drivers\jzhkpqtl.sys                                                                                                                                                                                               A device attached to the system is not functioning. !
.text           peauth.sys                                                                                                                                                                                                                  AC89AC9D 28 Bytes  [1E, AC, AD, 53, AD, 4F, 70, ...]
.text           peauth.sys                                                                                                                                                                                                                  AC89ACC1 28 Bytes  [1E, AC, AD, 53, AD, 4F, 70, ...]
PAGE            peauth.sys                                                                                                                                                                                                                  AC8A0E20 101 Bytes  [26, 0D, FC, 0E, BC, 4A, 10, ...]
PAGE            peauth.sys                                                                                                                                                                                                                  AC8A102C 1 Byte  [41]
PAGE            peauth.sys                                                                                                                                                                                                                  AC8A102C 102 Bytes  [41, 55, 46, D5, AB, 0C, 73, ...]
?               C:\Users\Seblon\AppData\Local\Temp\mbr.sys                                                                                                                                                                                  The system cannot find the file specified. !
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                                                                                                                  The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                                                                                                                                             [73F72494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                                                                                                                                        [73F55624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                                                                                                                                       [73F556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                                                                                                                                              [73F7250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                                                                                                                    [73F68573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]                                                                                                                                      [73F64D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]                                                                                                                                     [73F650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]                                                                                                                                    [73F651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                                                                                                           [73F666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                                                                                                                     [73F682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]                                                                                                                                [73F68819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                                                                                                                              [73F6907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                                                                                                                    [73F6E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.exe[3052] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                                                                                                                                        [73F64C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                      871BC480

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                                                                     Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                                                                                     Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                                                                                     Lbd.sys (Boot Driver/Lavasoft AB)

Device          \Driver\ACPI_HAL \Device\00000063                                                                                                                                                                                           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                    fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015831212e7                                                                                                                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@Type                                                                                                                                                                        1
Reg             HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@Start                                                                                                                                                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@ErrorControl                                                                                                                                                                0
Reg             HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@Group                                                                                                                                                                       Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015831212e7 (not active ControlSet)                                                                                                                             
Reg             HKLM\SYSTEM\ControlSet002\services\jzhkpqtl@Type                                                                                                                                                                            1
Reg             HKLM\SYSTEM\ControlSet002\services\jzhkpqtl@Start                                                                                                                                                                           0
Reg             HKLM\SYSTEM\ControlSet002\services\jzhkpqtl@ErrorControl                                                                                                                                                                    0
Reg             HKLM\SYSTEM\ControlSet002\services\jzhkpqtl@Group                                                                                                                                                                           Boot Bus Extender
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Seblon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk  1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk                   1

---- EOF - GMER 1.0.15 ----
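Reading the GMER log above by hand: the four SSDT entries hook process and thread creation, open and terminate, which both self-protecting security products and rootkits do, and the log does not name the module that owns those addresses, so they cannot be attributed from this output alone. The strong signal for jzhkpqtl is the registry section read together with the kernel code section: a kernel driver (Type 1) with Start 0 in group "Boot Bus Extender", so it loads before nearly everything else, whose image GMER could not open (the "?" line). The Python script below is an added example, not GMER's code and not part of any post: it parses those record types out of a GMER log and flags boot-start drivers with an unreadable image. The embedded sample is an excerpt of the log in this post with the column padding collapsed. The PROCEXP113.SYS entry is Process Explorer's driver and mbr.sys looks like the transient driver of an earlier scan tool; neither has a service entry in the log, so neither is flagged, which is why an unreadable image alone is not the rule. The vowel heuristic for random-looking names is my assumption and is reported only as a weak secondary signal; the inline patches GMER lists for ntkrnlpa.exe are not parsed here.

```python
"""Triage a GMER rootkit-scan log: collect SSDT hooks, unreadable kernel
images and driver service entries, then flag boot-start drivers whose image
GMER could not open.

Added example, not GMER's code and not part of the forum post. The sample
below is an excerpt of the GMER log from this thread; the name heuristic is an
assumption used only as a weak secondary signal.
"""
import re
from collections import defaultdict

REG_SERVICE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(\w+)\\services\\([^\\@\s]+)@(\w+)\s+(.*?)\s*$")
UNREADABLE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s*!\s*$")
SSDT_HOOK = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)")

SERVICE_KERNEL_DRIVER = 1   # registry Type value of a kernel-mode driver
SERVICE_BOOT_START = 0      # registry Start value: loaded by the boot loader

# Excerpt of the GMER log posted in this thread, padding collapsed.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT            8C7090E4    ZwCreateThread
SSDT            8C7090D0    ZwOpenProcess
SSDT            8C7090D5    ZwOpenThread
SSDT            8C7090DF    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?               System32\Drivers\jzhkpqtl.sys    A device attached to the system is not functioning. !
?               C:\Users\Seblon\AppData\Local\Temp\mbr.sys    The system cannot find the file specified. !
?               C:\Windows\system32\Drivers\PROCEXP113.SYS    The system cannot find the file specified. !

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015831212e7
Reg             HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@Type    1
Reg             HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@Start   0
Reg             HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@ErrorControl   0
Reg             HKLM\SYSTEM\CurrentControlSet\services\jzhkpqtl@Group   Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet002\services\jzhkpqtl@Type    1
Reg             HKLM\SYSTEM\ControlSet002\services\jzhkpqtl@Start   0
"""


def looks_random(name: str) -> bool:
    """Weak heuristic (assumption): consonant-heavy lowercase names like the
    ones in this thread. Legitimate drivers such as volmgr match as well, so
    the result is only ever reported next to a stronger finding."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 5 or len(letters) != len(name):
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) <= 0.2


def parse_gmer_log(text: str) -> dict:
    """Extract service values (active ControlSet only), unreadable images
    keyed by file stem, and SSDT hooks keyed by function name."""
    services = defaultdict(dict)
    unreadable = {}
    ssdt_hooks = {}
    for line in text.splitlines():
        m = REG_SERVICE.match(line)
        if m:
            control_set, name, value, data = m.groups()
            if control_set == "CurrentControlSet":
                services[name][value] = data
            continue
        m = UNREADABLE.match(line)
        if m:
            path, error = m.groups()
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            unreadable[stem.lower()] = error
            continue
        m = SSDT_HOOK.match(line)
        if m:
            ssdt_hooks[m.group(2)] = m.group(1)
    return {"services": dict(services), "unreadable": unreadable,
            "ssdt_hooks": ssdt_hooks}


def triage(text: str) -> dict:
    """Flag boot-start kernel drivers whose image file GMER could not open."""
    parsed = parse_gmer_log(text)
    suspects = {}
    for name, values in parsed["services"].items():
        try:
            svc_type = int(values.get("Type", -1))
            start = int(values.get("Start", -1))
        except ValueError:
            continue
        if svc_type != SERVICE_KERNEL_DRIVER or start != SERVICE_BOOT_START:
            continue
        error = parsed["unreadable"].get(name.lower())
        if error is None:
            continue    # boot-start drivers with a readable image are normal
        reasons = [f"boot-start kernel driver, image unreadable ({error})"]
        if looks_random(name):
            reasons.append("random-looking service name (weak signal)")
        suspects[name] = {"group": values.get("Group", ""), "reasons": reasons}
    parsed["suspects"] = suspects
    return parsed


if __name__ == "__main__":
    result = triage(SAMPLE_GMER_LOG)
    print("SSDT hooks (owner not attributed by GMER):", result["ssdt_hooks"])
    for name, info in result["suspects"].items():
        print(f"SUSPECT {name} [{info['group']}]:", "; ".join(info["reasons"]))
```

The same parser works on the full log: paste it into SAMPLE_GMER_LOG or read it from a file. ControlSet002 is deliberately ignored because it is the last-known-good copy, not the set the system booted with; for a full triage you would also compare the two, since a driver present in both survived at least one reboot, which matches what the first post describes.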
