
Pests of all kinds and how to fight them: Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys


17.08.2010, 22:02   #1
sunnyangel
 

Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys



Hello!

I have a small problem. Two days ago I noticed that spam had been posted in my Facebook account. Since I had not done that myself, I immediately had my laptop scanned with Malwarebytes Anti-Malware, and it found Rootkit.Bubnix. I have already tried to remove it with Malwarebytes, but it does not work. Via Google I then ended up here and hope you can help me.

I have already read up a bit here and ran GMER, OSAM, OTL and Malwarebytes Anti-Malware. GMER and Anti-Malware found qmjlmyja.sys. I have not tried anything beyond removing the rootkit with Malwarebytes, since I do not want to break anything. I hope you can help me and rescue my system.

Many thanks in advance.

Here are the logs:

Malwarebytes

Malwarebytes' Anti-Malware 1.46
h**p://www.malwarebytes.org

Datenbank Version: 4440

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

17.08.2010 20:19:06
mbam-log-2010-08-17 (20-19-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130022
Laufzeit: 14 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\qmjlmyja.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.


OSAM

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
h**p://www.online-solutions.ru/en/
Saved at 21:00:13 on 17.08.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"dtllusbg" (dtllusbg) - ? - C:\Windows\system32\drivers\dtllusbg.sys  (File not found)
"FNETURPX" (FNETURPX) - "FNet Co., Ltd." - C:\Windows\System32\drivers\FNETURPX.SYS
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys
"PolderbitS Audio Driver" (PbsAuDrv) - ? - C:\Windows\System32\drivers\pbsaudrv.sys  (File not found)
"qmjlmyja" (qmjlmyja) - ? - C:\Windows\system32\drivers\qmjlmyja.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
"ylrggnz" (ylrggnz) - ? - C:\Windows\system32\drivers\ylrggnz.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{0FB6A909-6086-458F-BD92-1F8EE10042A0} "AC-Pro" - "SimplyGen" - C:\Program Files\AutocompletePro\AutocompletePro.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} "{31FF080D-12A3-439A-A2EF-4BA95A3148E8}" - ? -   (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Arlette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\Windows\system32\NeroCheck.exe
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files\WinPcap\rpcapd.exe
         

GMER

Code:
GMER 1.0.15.15281 - h**p://www.gmer.net
Rootkit scan 2010-08-17 21:41:36
Windows 6.0.6002 Service Pack 2
Running: 7z9yrzf5.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldqfow.sys


---- Kernel code sections - GMER 1.0.15 ----

?               System32\drivers\bdavet.sys                                                                                                                   Das System kann den angegebenen Pfad nicht finden. !
?               System32\Drivers\qmjlmyja.sys                                                                                                                 Ein an das System angeschlossenes Gerät funktioniert nicht. !
init            C:\Windows\System32\drivers\FNETURPX.SYS                                                                                                      entry point in "init" section [0x8F5FA380]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[616] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9                                                                     7645B364 4 Bytes  [20, 28, 00, 10] {AND [EAX], CH; ADD [EAX], DL}
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!SetScrollRange                                                            7707D185 5 Bytes  JMP 003623F0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!GetSysColorBrush                                                          7707E21C 5 Bytes  JMP 003624E0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!GetScrollInfo                                                             7707F073 7 Bytes  JMP 003622C0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!ShowScrollBar                                                             7707F8AE 5 Bytes  JMP 00362440 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!SetScrollInfo                                                             770871D8 7 Bytes  JMP 00362370 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!GetSysColor                                                               77089BF6 5 Bytes  JMP 00362480 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!EnableScrollBar                                                           7709AF53 7 Bytes  JMP 00362280 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!GetScrollPos                                                              770A337D 5 Bytes  JMP 00362300 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!GetScrollRange                                                            770A34A5 5 Bytes  JMP 00362330 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!SetScrollPos                                                              770A3602 5 Bytes  JMP 003623B0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                          [747F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                           [7484A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                       [747FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                 [747EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                           [747F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                        [747EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                            [74828395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                               [747FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                       [747EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                        [747EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                         [747E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                 [7487CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                    [7481C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                       [747ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                 [747E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                [747E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                   [747F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                    [10002A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                        [10001E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                  [10002D50] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                    [100011D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2428] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [00AB1210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                        8717FE18

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )                                                                                                                            [BOOT] qmjlmyja                                                                                                                                                       <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\qmjlmyja@Type                                                                                          1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\qmjlmyja@Start                                                                                         0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\qmjlmyja@ErrorControl                                                                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\qmjlmyja@Group                                                                                         Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet006\Services\qmjlmyja@Type                                                                                              1
Reg             HKLM\SYSTEM\ControlSet006\Services\qmjlmyja@Start                                                                                             0
Reg             HKLM\SYSTEM\ControlSet006\Services\qmjlmyja@ErrorControl                                                                                      0
Reg             HKLM\SYSTEM\ControlSet006\Services\qmjlmyja@Group                                                                                             Boot Bus Extender

---- EOF - GMER 1.0.15 ----
         

OTL

Code:
OTL logfile created on: 17.08.2010 21:45:17 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Volume C\Meine Programme
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 121,55 Gb Total Space | 53,63 Gb Free Space | 44,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 101,57 Gb Total Space | 46,95 Gb Free Space | 46,22% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 23,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Volume C\Meine Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Volume C\Meine Programme\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PbsAuDrv) -- C:\Windows\System32\drivers\pbsaudrv.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (dtllusbg) -- C:\Windows\System32\drivers\dtllusbg.sys File not found
DRV - (FNETURPX) -- C:\Windows\System32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = h**p://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "h**p://www.google.de/"
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.05.06 23:56:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
 
[2009.11.06 02:32:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.17 11:19:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions
[2010.08.12 13:55:02 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010.08.01 13:02:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.16 16:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010.07.28 23:06:14 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 23:06:14 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.28 23:06:14 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.28 23:06:14 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.28 23:06:14 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.17 20:29:13 | 000,416,646 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14382 more lines...
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\Media Player Utilities 5.20\AVIConverter\grab.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.07 22:58:08 | 000,000,052 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{112b34c3-d857-11de-b809-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{112b34c3-d857-11de-b809-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1fb025c6-f3a0-11de-86c2-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb025c6-f3a0-11de-86c2-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1fb025c8-f3a0-11de-86c2-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb025c8-f3a0-11de-86c2-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{25885557-0088-11df-8c87-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{25885557-0088-11df-8c87-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{25885559-0088-11df-8c87-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{25885559-0088-11df-8c87-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b8196-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b8196-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b8198-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b8198-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b81b6-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b81b6-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6e0a798e-d6f1-11de-ac0d-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e0a798e-d6f1-11de-ac0d-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6e0a7990-d6f1-11de-ac0d-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e0a7990-d6f1-11de-ac0d-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7f3fbf30-c3ad-11de-a18a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3fbf30-c3ad-11de-a18a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7f3fbf33-c3ad-11de-a18a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3fbf33-c3ad-11de-a18a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1b530dc-d826-11de-96a7-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{b1b530dc-d826-11de-96a7-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1b530ff-d826-11de-96a7-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{b1b530ff-d826-11de-96a7-001f16bb269c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{bb601a8c-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601a8c-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{bb601ab3-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601ab3-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{bb601ac8-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601ac8-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{c7b38800-d773-11de-a34a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b38800-d773-11de-a34a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c7b3881f-d773-11de-a34a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b3881f-d773-11de-a34a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.13 01:29:06 | 000,000,000 | ---D | C] -- C:\MRecord
[2010.08.12 16:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy
[2010.08.12 15:31:11 | 000,000,000 | ---D | C] -- C:\Users\Arlette\AppData\Roaming\xVideoServiceThief
[2010.08.12 15:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Xesc & Technology
[2010.08.12 15:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010.08.12 15:16:06 | 000,000,000 | ---D | C] -- C:\Users\Arlette\AppData\Local\StreamRecorder
[2010.08.12 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\StreamboxVcrSuite2
[2010.08.12 15:06:06 | 000,000,000 | ---D | C] -- C:\temp
[2010.08.12 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\Arlette\Documents\DonationCoder
[2010.08.12 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\Arlette\AppData\Roaming\DonationCoder
[2010.08.12 14:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010.08.12 14:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\URLSnooper2
[2010.08.12 14:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\WMR14
[2010.08.12 13:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2010.08.12 13:50:18 | 000,000,000 | ---D | C] -- C:\Users\Arlette\Documents\Freecorder 4
[2010.08.12 13:50:18 | 000,000,000 | ---D | C] -- C:\Users\Arlette\AppData\Local\FLVService
[2010.08.12 13:50:14 | 000,000,000 | ---D | C] -- C:\Windows\Freecorder
[2010.08.12 13:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2010.08.12 13:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Engelmann Media
[2010.08.12 13:43:28 | 000,000,000 | ---D | C] -- C:\Users\Arlette\AppData\Roaming\Engelmann Media
[2010.08.12 13:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Engelmann Media
[2010.08.12 13:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010.08.01 16:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2010.08.01 16:38:57 | 000,007,040 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2010.08.01 16:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\PcCloneEX
[2009.08.07 01:26:00 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.17 21:46:12 | 000,565,280 | ---- | M] () -- C:\Windows\System32\drivers\qmjlmyja.sys
[2010.08.17 21:44:49 | 007,602,176 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.17 20:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.17 20:46:53 | 000,005,908 | ---- | M] () -- C:\Users\***\Documents\cc_20100817_204648.reg
[2010.08.17 20:29:13 | 000,416,646 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.17 20:23:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.17 20:23:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.17 20:21:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.17 20:21:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.17 20:21:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.17 20:20:41 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.17 20:19:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.17 20:19:30 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.17 20:19:29 | 006,208,119 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.17 19:33:02 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{46CCB267-0AB0-40E7-9B58-D3DE27FB2FC2}.job
[2010.08.17 02:07:55 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.17 02:07:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.17 02:07:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.17 02:07:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.17 02:07:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.17 02:06:36 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.17 02:06:34 | 000,243,712 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.12 16:13:32 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2010.08.12 15:30:11 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\xVST.lnk
[2010.08.12 14:55:34 | 000,000,046 | ---- | M] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.08.12 13:10:39 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010.08.10 12:45:12 | 000,415,906 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100817-202913.backup
[2010.08.10 00:38:46 | 000,001,410 | ---- | M] () -- C:\Users\***\Documents\cc_20100810_003835.reg
[2010.08.06 19:44:27 | 000,266,629 | ---- | M] () -- C:\Users\***\Desktop\IMG_0012.jpg
[2010.08.01 16:38:57 | 000,007,040 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2010.07.28 15:19:29 | 000,049,510 | ---- | M] () -- C:\Users\***\Documents\cc_20100728_151923.reg
[2010.07.23 14:33:36 | 000,033,792 | ---- | M] () -- C:\Users\***\Desktop\Your order confirmation.doc
[2010.07.20 11:58:17 | 000,080,896 | ---- | M] () -- C:\Users\***\Desktop\Julia   EXTRA 2.doc
 
========== Files Created - No Company Name ==========
 
[2010.08.17 20:46:51 | 000,005,908 | ---- | C] () -- C:\Users\***\Documents\cc_20100817_204648.reg
[2010.08.12 15:30:11 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\xVST.lnk
[2010.08.12 14:55:34 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.08.12 13:10:39 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010.08.10 00:38:44 | 000,001,410 | ---- | C] () -- C:\Users\***\Documents\cc_20100810_003835.reg
[2010.08.06 19:44:45 | 000,266,629 | ---- | C] () -- C:\Users\***\Desktop\IMG_0012.jpg
[2010.07.28 15:19:25 | 000,049,510 | ---- | C] () -- C:\Users\***\Documents\cc_20100728_151923.reg
[2010.07.23 14:33:36 | 000,033,792 | ---- | C] () -- C:\Users\***\Desktop\Your order confirmation.doc
[2010.07.16 01:35:33 | 000,565,280 | ---- | C] () -- C:\Windows\System32\drivers\qmjlmyja.sys
[2010.07.15 14:58:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.07.15 13:22:20 | 000,000,264 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.06.14 02:22:27 | 000,000,012 | ---- | C] () -- C:\Users\***\AppData\Roaming\qcopjv.dat
[2010.05.06 23:45:33 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Drv32_16.ini
[2009.12.24 18:23:55 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.12.24 18:21:02 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2009.10.25 10:59:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.25 10:41:58 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.23 11:24:20 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.23 11:24:08 | 000,243,712 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.23 10:54:36 | 000,000,262 | ---- | C] () -- C:\Windows\WINCMD.INI
[2009.10.23 10:39:41 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.10.22 21:09:42 | 000,000,084 | ---- | C] () -- C:\Windows\winamp.ini
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.20 11:31:47 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.20 10:02:24 | 000,006,080 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.08.07 01:12:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009.08.07 01:12:47 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.08.06 16:55:41 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 05:26:46 | 000,004,536 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3B71D0B4
< End of report >
OTL Extras logfile created on: 17.08.2010 21:45:17 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Volume C\Meine Programme
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 121,55 Gb Total Space | 53,63 Gb Free Space | 44,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 101,57 Gb Total Space | 46,95 Gb Free Space | 46,22% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 23,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ARLETTE-PC
Current User Name: Arlette
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{126358A5-E5FE-4812-8D21-64AAA618A534}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2D731802-66E1-4AFD-8D54-9AC1EFCD7B92}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3C53CDF5-F302-4CE3-8E40-B2224BEC51A8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E8AD33E-B221-418D-B725-5CC58DCAAABF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{405B78A8-FA15-4A94-8F88-BB2D6B844F0F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4587DB08-D31B-4D44-92D1-0390F3A9F467}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50FDBF99-38CB-4AB3-9DB5-52FF23997EFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5AB1CA18-245A-476A-8F7F-919EC9C3099C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{65FA6840-0468-424E-B760-E178F340B827}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6CD8DD6C-7820-49C9-B63F-CA126B53B8FF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7ED51CF5-52C7-4B21-B7D3-03CB0403B2CD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8D6191C0-FA3D-4F40-ACF0-03A48B857C74}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8EAD9444-CAE7-4AFB-9730-FCE9C7C6566C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{91882B20-2B95-4FC7-B9D4-D71E9FDF1DAB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9358EEEF-BB5A-441F-9C63-6B0682426CD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3CB069B-C76B-432C-8955-F40A715A9BB6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B5EFC25D-836E-47AB-B28E-A7CBC1EAB2E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CCBCDBC1-71F7-46C7-AECA-84CC331C1B83}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EA2DDBE6-B945-42D9-9D11-A247139F98F8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F2367DF6-C14E-49A8-99F4-F8FF6A0AD69E}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{144FF92C-E26D-4D21-AADD-302EA333DDDA}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{1FE3789A-1AAD-44B4-9752-97ABEA3DE6A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{231F976C-1FE7-42E8-A795-29F6BFD2A2B0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{2794FFE9-F3F8-412C-B41D-C41C3A843F47}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2C4C32CE-3BD1-4E53-8C2F-EFFEEECFC74A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F22C011-2E17-4D3C-9E20-CB0F5DABD3FB}" = protocol=6 | dir=in | app=c:\windows\system32\services.exe | 
"{3614DA65-603B-43D0-A4AB-DD5E5F71489B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{695B5477-A14F-4F51-AC46-704250CC933B}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{7FC3F7C3-80E1-452B-8F96-2ACFA738A646}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{849BD9DC-05DF-4D33-A204-580B657BB077}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{87DB95DA-FE64-4275-B28C-C132B5A916F3}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{A906FF09-D090-4898-AFAC-30ED204F144E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{ACD2C83F-2E31-492F-A786-0C184946EE9A}" = protocol=17 | dir=in | app=c:\windows\system32\services.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AFB73EEE-B406-41E8-A681-722EA06F8338}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B848D883-AA2A-4EE9-97BB-273829259272}" = protocol=17 | dir=in | app=c:\windows\system32\services.exe | 
"{BE2713BE-367C-4A26-AC89-43807A712E8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{D0CEC8EF-E286-42EC-BDA7-9C2E9B0D54C4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{D4E1FDF0-D03F-4F74-9FAC-C81503ED227A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{DD75891E-0793-4132-A1C4-22AB9EE5860F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{E67122C1-B020-400F-A24E-A1949CCDD590}" = protocol=6 | dir=in | app=c:\windows\system32\services.exe | 
"TCP Query User{00128C65-7E74-4D7F-83A6-B9698D7C7817}C:\users\arlette\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\arlette\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{1CAB2790-B6E0-4D67-B375-BDCBB55E8D62}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{3544F028-021E-4906-9CBB-B554E21A6D93}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{3F74D9FE-1BA1-4D31-8855-494121681540}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{8E2F95FA-A399-4F5F-AB55-7A121CEF1789}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{BB39ADFA-FDAA-433E-ACBB-F861AE859752}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{D9C39C55-F5FE-4EA0-9F91-DE1F1566FF14}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F5B91AA5-3C3C-4514-B31C-1E4BCE9B0F9D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{16C889E2-CDFE-4ED1-AD96-1C268C285C7C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{190703EF-07B8-4A74-84EF-C8AB9F38A6DE}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{2BF179D2-1670-45FA-BEC5-D44631CA18D6}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{2F950FF6-587F-4720-9E59-B96CB7B879B7}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{30524D6A-6226-4190-9D4F-DBFCF21CCD4D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{352BEF6C-3DBC-4BC8-B4FE-BCE596C9B698}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{959CE8CD-864C-4726-B5B4-4C8934289EA3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{C30D72C2-E10C-4CF1-8FBF-F1FEAE3CCACB}C:\users\arlette\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\arlette\appdata\roaming\wuala\wuala.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{32D4851C-399A-4C02-A961-6A56178004B9}" = Hama Webcam Suite
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}" = Media Player Utilities 5.20
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD2F9F4-A0EA-4563-B410-95F4EAB9C04E}" = xVideoServiceThief
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audiograbber" = Audiograbber 1.83 SE 
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PcCloneEX" = PcCloneEX
"RealPlayer 12.0" = RealPlayer
"RescuePRO-Deluxe" = RescuePRO Deluxe 4.0
"Riva FLV Player_is1" = Riva FLV Player
"Totalcmd" = Total Commander (Remove or Repair)
"Video Encoder_is1" = Video Encoder 1.2
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2010 05:43:12 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.08.2010 05:43:12 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.08.2010 05:43:51 | Computer Name = Arlette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.08.2010 15:39:16 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.08.2010 15:39:16 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.08.2010 15:40:01 | Computer Name = Arlette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.08.2010 05:58:22 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.08.2010 05:58:22 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.08.2010 05:58:57 | Computer Name = Arlette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.08.2010 07:23:29 | Computer Name = Arlette-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18928, Zeitstempel
 0x4bdfa327, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18928, Zeitstempel 
0x4bdfb76d, Ausnahmecode 0xc0000005, Fehleroffset 0x000a0e1d,  Prozess-ID 0x1484, 
Anwendungsstartzeit 01cb37ac8cd4c74c.
 
[ System Events ]
Error - 14.08.2010 06:44:52 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.08.2010 17:23:09 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2010 03:46:05 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2010 13:39:33 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.08.2010 07:40:37 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.08.2010 18:55:29 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.08.2010 20:09:04 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 17.08.2010 04:50:36 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.08.2010 13:31:12 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.08.2010 14:22:16 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Old 17.08.2010, 22:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys



Hello and

A cleanup can mean a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions all the way through first. If anything is unclear, ask before you begin.
  • Post the logfiles directly in your thread. Do not attach them unless I ask you to, as that makes evaluating them harder for me.

Note: I can never give you a guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".



Quote:
"dtllusbg" (dtllusbg) - ? - C:\Windows\system32\drivers\dtllusbg.sys (File not found)
"qmjlmyja" (qmjlmyja) - ? - C:\Windows\system32\drivers\qmjlmyja.sys (Hidden registry entry, rootkit activity | File not found)
"ylrggnz" (ylrggnz) - ? - C:\Windows\system32\drivers\ylrggnz.sys (File not found)
Please first deactivate and delete these three entries with OSAM. Then post a new OSAM logfile.
__________________

__________________
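As an added example (not code from this thread, from OSAM or from OTL): a read-only PowerShell check that lists service and driver entries under HKLM\SYSTEM\CurrentControlSet\Services whose ImagePath points to a file that no longer exists, the same "File not found" condition OSAM reported for the three drivers quoted above. It assumes an elevated prompt; keys a kernel rootkit hides from the registry API (the "Hidden registry entry" case) will not appear in its output at all.

```powershell
# Added example, not code from this thread, from OSAM or from OTL.
# Lists entries under HKLM\SYSTEM\CurrentControlSet\Services whose ImagePath
# points to a file that does not exist on disk, i.e. the "File not found"
# condition OSAM reported for dtllusbg, qmjlmyja and ylrggnz above.
# Run from an elevated PowerShell prompt. Read-only: nothing is changed.
# Caveat: this uses the normal registry API, so keys a kernel rootkit hides
# (the "Hidden registry entry" case) do not show up here at all.

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$SystemRoot  = $env:SystemRoot

# Start-type values as stored in the registry (numeric), for readable output.
$StartNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-ImagePath {
    # Turns a raw ImagePath value into an absolute file path.
    # Handles the forms seen in service/driver entries:
    #   "C:\Program Files\x\y.exe" -k            (quoted, with arguments)
    #   %SystemRoot%\system32\svchost.exe -k     (env var, with arguments)
    #   system32\DRIVERS\foo.sys                 (relative to SystemRoot)
    #   \SystemRoot\System32\drivers\foo.sys     (NT-style SystemRoot prefix)
    #   \??\C:\Windows\system32\drivers\foo.sys  (NT object path prefix)
    param([string]$ImagePath)

    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim()

    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Substring(1) }
    }
    else {
        # Unquoted: cut arguments after the first space, but only when the part
        # before the space already ends in a file extension (paths with spaces
        # such as C:\Program Files\... are left intact).
        $space = $p.IndexOf(' ')
        if ($space -gt 0 -and $p.Substring(0, $space) -match '\.(exe|sys|dll)$') {
            $p = $p.Substring(0, $space)
        }
    }

    $p = [Environment]::ExpandEnvironmentVariables($p)
    $p = $p -replace '^\\\?\?\\', ''                       # strip \??\
    $p = $p -replace '^\\SystemRoot\\', ($SystemRoot + '\') # \SystemRoot\ -> C:\Windows\
    if ($p -notmatch '^[A-Za-z]:\\') {                     # still relative: relative to SystemRoot
        $p = Join-Path $SystemRoot $p
    }
    return $p
}

function Get-MissingServiceImages {
    # Emits one object per service or driver whose resolved image file is absent.
    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or -not $props.ImagePath) { return }   # no image: skip

        $resolved = Resolve-ImagePath -ImagePath $props.ImagePath
        if ($resolved -and -not (Test-Path -LiteralPath $resolved)) {
            $start = if ($null -ne $props.Start) { $StartNames[[int]$props.Start] } else { '?' }
            [PSCustomObject]@{
                Name      = $_.PSChildName
                Start     = $start
                ImagePath = $props.ImagePath
                Resolved  = $resolved
            }
        }
    }
}

Get-MissingServiceImages | Sort-Object Name | Format-Table -AutoSize
```

Leftover entries for uninstalled legitimate software (like the ipinip or nwlnkflt lines in the OSAM log) also show up here, so the list is a starting point for review, not a verdict on its own.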

Old 17.08.2010, 22:44   #3
sunnyangel
 
Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys



Entries deactivated and deleted.

Here is the new logfile:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
h**p://www.online-solutions.ru/en/
Saved at 23:40:31 on 17.08.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"FNETURPX" (FNETURPX) - "FNet Co., Ltd." - C:\Windows\System32\drivers\FNETURPX.SYS
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys
"PolderbitS Audio Driver" (PbsAuDrv) - ? - C:\Windows\System32\drivers\pbsaudrv.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{0FB6A909-6086-458F-BD92-1F8EE10042A0} "AC-Pro" - "SimplyGen" - C:\Program Files\AutocompletePro\AutocompletePro.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} "{31FF080D-12A3-439A-A2EF-4BA95A3148E8}" - ? -   (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\Windows\system32\NeroCheck.exe
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files\WinPcap\rpcapd.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
__________________

Alt 18.08.2010, 08:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys

Please run a full scan with Malwarebytes now and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

After that I need a fresh OTL log file, but I don't need the extras again.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 18.08.2010, 20:32   #5
sunnyangel
 
Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys

Here is the full scan from Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4445

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

18.08.2010 21:24:12
mbam-log-2010-08-18 (21-24-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|H:\|)
Durchsuchte Objekte: 443913
Laufzeit: 2 Stunde(n), 18 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


OTL

Code:
OTL logfile created on: 18.08.2010 21:25:34 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Volume C\Meine Programme
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 121,55 Gb Total Space | 53,19 Gb Free Space | 43,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 101,57 Gb Total Space | 46,95 Gb Free Space | 46,22% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 23,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Volume C\Meine Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Volume C\Meine Programme\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PbsAuDrv) -- C:\Windows\System32\drivers\pbsaudrv.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (FNETURPX) -- C:\Windows\System32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.05.06 23:56:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
 
[2009.11.06 02:32:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.18 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions
[2010.08.12 13:55:02 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010.08.01 13:02:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.16 16:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010.07.28 23:06:14 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 23:06:14 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.28 23:06:14 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.28 23:06:14 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.28 23:06:14 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.17 20:29:13 | 000,416,646 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 14382 more lines...
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\Media Player Utilities 5.20\AVIConverter\grab.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.07 22:58:08 | 000,000,052 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{112b34c3-d857-11de-b809-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{112b34c3-d857-11de-b809-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1fb025c6-f3a0-11de-86c2-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb025c6-f3a0-11de-86c2-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1fb025c8-f3a0-11de-86c2-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb025c8-f3a0-11de-86c2-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{25885557-0088-11df-8c87-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{25885557-0088-11df-8c87-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{25885559-0088-11df-8c87-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{25885559-0088-11df-8c87-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b8196-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b8196-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b8198-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b8198-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b81b6-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b81b6-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6e0a798e-d6f1-11de-ac0d-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e0a798e-d6f1-11de-ac0d-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6e0a7990-d6f1-11de-ac0d-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e0a7990-d6f1-11de-ac0d-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7f3fbf30-c3ad-11de-a18a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3fbf30-c3ad-11de-a18a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7f3fbf33-c3ad-11de-a18a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3fbf33-c3ad-11de-a18a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1b530dc-d826-11de-96a7-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{b1b530dc-d826-11de-96a7-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1b530ff-d826-11de-96a7-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{b1b530ff-d826-11de-96a7-001f16bb269c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{bb601a8c-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601a8c-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{bb601ab3-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601ab3-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{bb601ac8-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601ac8-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{c7b38800-d773-11de-a34a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b38800-d773-11de-a34a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c7b3881f-d773-11de-a34a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b3881f-d773-11de-a34a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.17 23:23:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Online Solutions
[2010.08.13 01:29:06 | 000,000,000 | ---D | C] -- C:\MRecord
[2010.08.12 16:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy
[2010.08.12 15:31:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xVideoServiceThief
[2010.08.12 15:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Xesc & Technology
[2010.08.12 15:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010.08.12 15:16:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\StreamRecorder
[2010.08.12 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\StreamboxVcrSuite2
[2010.08.12 15:06:06 | 000,000,000 | ---D | C] -- C:\temp
[2010.08.12 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DonationCoder
[2010.08.12 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DonationCoder
[2010.08.12 14:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010.08.12 14:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\URLSnooper2
[2010.08.12 14:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\WMR14
[2010.08.12 13:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2010.08.12 13:50:18 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Freecorder 4
[2010.08.12 13:50:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FLVService
[2010.08.12 13:50:14 | 000,000,000 | ---D | C] -- C:\Windows\Freecorder
[2010.08.12 13:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2010.08.12 13:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Engelmann Media
[2010.08.12 13:43:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2010.08.12 13:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Engelmann Media
[2010.08.12 13:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010.08.01 16:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2010.08.01 16:38:57 | 000,007,040 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2010.08.01 16:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\PcCloneEX
[2009.08.07 01:26:00 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.18 21:26:38 | 007,602,176 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.18 20:58:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.18 20:58:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.18 20:47:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.18 19:02:10 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{46CCB267-0AB0-40E7-9B58-D3DE27FB2FC2}.job
[2010.08.18 18:58:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.18 18:58:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.18 18:58:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.18 18:58:05 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.18 00:58:24 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.18 00:58:24 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.18 00:58:16 | 006,192,609 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.17 20:46:53 | 000,005,908 | ---- | M] () -- C:\Users\***\Documents\cc_20100817_204648.reg
[2010.08.17 20:29:13 | 000,416,646 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.17 02:07:55 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.17 02:07:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.17 02:07:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.17 02:07:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.17 02:07:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.17 02:06:36 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.17 02:06:34 | 000,243,712 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.12 16:13:32 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2010.08.12 15:30:11 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\xVST.lnk
[2010.08.12 14:55:34 | 000,000,046 | ---- | M] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.08.12 13:10:39 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010.08.10 12:45:12 | 000,415,906 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100817-202913.backup
[2010.08.10 00:38:46 | 000,001,410 | ---- | M] () -- C:\Users\***\Documents\cc_20100810_003835.reg
[2010.08.06 19:44:27 | 000,266,629 | ---- | M] () -- C:\Users\***\Desktop\IMG_0012.jpg
[2010.08.01 16:38:57 | 000,007,040 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2010.07.28 15:19:29 | 000,049,510 | ---- | M] () -- C:\Users\***\Documents\cc_20100728_151923.reg
[2010.07.23 14:33:36 | 000,033,792 | ---- | M] () -- C:\Users\***\Desktop\Your order confirmation.doc
[2010.07.20 11:58:17 | 000,080,896 | ---- | M] () -- C:\Users\***\Desktop\Julia   EXTRA 2.doc
 
========== Files Created - No Company Name ==========
 
[2010.08.17 20:46:51 | 000,005,908 | ---- | C] () -- C:\Users\***\Documents\cc_20100817_204648.reg
[2010.08.12 15:30:11 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\xVST.lnk
[2010.08.12 14:55:34 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.08.12 13:10:39 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010.08.10 00:38:44 | 000,001,410 | ---- | C] () -- C:\Users\***\Documents\cc_20100810_003835.reg
[2010.08.06 19:44:45 | 000,266,629 | ---- | C] () -- C:\Users\***\Desktop\IMG_0012.jpg
[2010.07.28 15:19:25 | 000,049,510 | ---- | C] () -- C:\Users\***\Documents\cc_20100728_151923.reg
[2010.07.23 14:33:36 | 000,033,792 | ---- | C] () -- C:\Users\***\Desktop\Your order confirmation.doc
[2010.07.15 14:58:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.07.15 13:22:20 | 000,000,264 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.06.14 02:22:27 | 000,000,012 | ---- | C] () -- C:\Users\***\AppData\Roaming\qcopjv.dat
[2010.05.06 23:45:33 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Drv32_16.ini
[2009.12.24 18:23:55 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.12.24 18:21:02 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2009.10.25 10:59:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.25 10:41:58 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.23 11:24:20 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.23 11:24:08 | 000,243,712 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.23 10:54:36 | 000,000,262 | ---- | C] () -- C:\Windows\WINCMD.INI
[2009.10.23 10:39:41 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.10.22 21:09:42 | 000,000,084 | ---- | C] () -- C:\Windows\winamp.ini
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.20 11:31:47 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.20 10:02:24 | 000,006,080 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.08.07 01:12:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009.08.07 01:12:47 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.08.06 16:55:41 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 05:26:46 | 000,004,536 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009.10.20 11:40:56 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2009.08.06 16:55:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2010.05.06 23:58:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audio Record Edit Toolbox
[2010.05.06 23:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audio Recorder for Free
[2010.08.12 14:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DonationCoder
[2010.08.12 13:43:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2009.10.20 10:09:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2009.10.23 10:30:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2009.10.25 10:23:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2010.01.01 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.08.17 23:30:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Online Solutions
[2010.05.25 13:59:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2009.09.29 17:29:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2009.09.29 17:29:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA
[2010.08.11 00:58:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010.07.14 22:23:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wuala
[2010.08.12 16:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xVideoServiceThief
[2010.08.18 00:58:27 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.18 19:02:10 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{46CCB267-0AB0-40E7-9B58-D3DE27FB2FC2}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3B71D0B4
< End of report >


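The OTL listing above is what the helper reads by hand: a driver file deserves a look when it sits in System32\drivers, carries no vendor name in the parentheses, and has a name that looks machine-generated (qmjlmyja.sys, the file in the thread title, is the pattern). As an added example that is not part of the original thread and not OTL's own code, the following Python parses OTL's file/driver entry lines and applies exactly those rules. The sample excerpt is constructed: four lines are copied from the log above, while the qmjlmyja.sys line is made up (OTL never listed that file in this thread), so its timestamp and size are assumptions. The flags are triage hints for a human, not verdicts.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL file/driver entry:
#   [YYYY.MM.DD HH:MM:SS | size | attrs | C/M] (Company) -- path
# Directory entries in the "Created Within 30 Days" block carry no "(Company)" part at all.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset
    kind: str       # 'C' = created, 'M' = modified
    company: str    # '' when OTL printed "()" or no company block at all
    path: str

def parse_otl_line(line):
    """Parse one OTL entry; return None for headers, blanks and other non-entry lines."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attr"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )

VOWELS = set("aeiou")

def looks_random(stem):
    """Cheap randomness heuristic: alphabetic, 6+ chars, fewer than one vowel in five."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 6:
        return False
    return sum(c in VOWELS for c in s) / len(s) < 0.2

def triage(entry):
    """Return the reasons an entry deserves a manual look (empty list = nothing odd)."""
    reasons = []
    path = entry.path.lower()
    name = path.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    is_sys = name.endswith(".sys")
    in_drivers = "\\drivers\\" in path
    in_system32 = "\\system32\\" in path
    hidden_system = "H" in entry.attrs and "S" in entry.attrs and "D" not in entry.attrs
    if is_sys and in_drivers and not entry.company:
        reasons.append("kernel driver without vendor name")
    if is_sys and looks_random(stem):
        reasons.append("random-looking driver name")
    if in_system32 and hidden_system and not entry.company:
        reasons.append("hidden+system file in System32 without vendor name")
    return reasons

def triage_log(text):
    """Map path -> reasons for every entry in an OTL log excerpt that trips a rule."""
    hits = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                hits[entry.path] = reasons
    return hits

# Constructed sample. Four lines are copied from the OTL log in this thread; the
# qmjlmyja.sys line is made up (OTL never listed it here) and stands in for the driver
# the scanners reported, so its timestamp and size are assumptions.
SAMPLE = r"""
[2010.08.17 23:23:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Online Solutions
[2010.08.01 16:38:57 | 000,007,040 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2010.08.15 19:05:12 | 000,032,256 | ---- | C] () -- C:\Windows\System32\drivers\qmjlmyja.sys
[2009.10.23 10:39:41 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.08.17 20:29:13 | 000,416,646 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

Running it prints the two flagged paths with their reasons. The hidden+system rule deliberately fires on KGyGaAvL.sys as well, which is why the output is a worklist and not a verdict: that file is commonly a software-licensing (copy-protection) artifact rather than malware, and a practitioner confirms a flagged file by its signature and hash, not by its name alone.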
18.08.2010, 22:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" line must be copied along with it!!!)

Code:
:OTL
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3B71D0B4
:Commands
[purity]
[resethosts]
[emptytemp]
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

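The [resethosts] command in the fix above replaces the hosts file with the Windows default. The OTL log shows a 416,646-byte hosts file; a file that size is usually thousands of immunisation entries (a name mapped to 127.0.0.1 or 0.0.0.0), but the same file is also where malware redirects bank, search or antivirus-update names to an attacker's address, which is what makes resetting it worthwhile. As an added example, not part of this thread and not OTL's code, the following Python separates the two cases so you know which one you are looking at before the file is discarded. The hosts content is constructed, using RFC 5737 documentation addresses and reserved example/.test names.

```python
import ipaddress

# Targets that black-hole a name rather than send it anywhere: what immunisation tools
# (Spybot, MVPS-style lists) write by the thousand and what makes a hosts file grow large.
SINKHOLE_TARGETS = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue          # not an address: skip rather than guess
        for host in fields[1:]:
            yield ip, host.lower()

def classify_hosts(text):
    """Split a hosts file into the three things it can contain."""
    result = {"local": [], "blocked": [], "redirect": []}
    for ip, host in parse_hosts(text):
        if host == "localhost" or host.endswith(".localhost"):
            result["local"].append(host)
        elif ip in SINKHOLE_TARGETS:
            result["blocked"].append(host)
        else:
            # a real name sent to a real address: this is what a hijacked hosts file does
            result["redirect"].append((host, str(ip)))
    return result

def needs_reset(text):
    """True when at least one name is redirected somewhere other than a sinkhole."""
    return bool(classify_hosts(text)["redirect"])

# Constructed sample; not the hosts file from this thread. Addresses come from the
# RFC 5737 documentation ranges and the names use reserved example/.test labels.
SAMPLE_HOSTS = """\
# default entries
127.0.0.1       localhost
::1             localhost
# immunisation-style entries: harmless, just bulky
127.0.0.1  ads.example.com
127.0.0.1  tracker.example.org
0.0.0.0    ad.example.net
# redirects: the attacker decides where these names resolve
198.51.100.23  www.bank.test
203.0.113.9    update.antivirus.test   # AV update server pointed at an attacker host
"""

if __name__ == "__main__":
    summary = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(summary['blocked'])} blocked, {len(summary['redirect'])} redirected")
    for host, ip in summary["redirect"]:
        print(f"  REDIRECT {host} -> {ip}")
```

The redirect list is the strong signal. Sinkhole entries can still be hostile (a security vendor's update host mapped to 127.0.0.1 silently disables updates), so scan the blocked names for vendor domains as well. OTL moves the old file aside rather than deleting it, so the original is still available for that review after the reset.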
18.08.2010, 22:21   #7
sunnyangel

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
ADS C:\ProgramData\Temp:3B71D0B4 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 516188 bytes
->Temporary Internet Files folder emptied: 41999172 bytes
->Java cache emptied: 81542706 bytes
->FireFox cache emptied: 46228216 bytes
->Opera cache emptied: 632861 bytes
->Flash cache emptied: 4917 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 163,00 mb
 
 
OTL by OldTimer - Version 3.2.10.0 log created on 08182010_231532

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

19.08.2010, 10:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your Desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your Desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

19.08.2010, 12:36   #9
sunnyangel

Code:
ComboFix 10-08-18.02 - *** 19.08.2010  12:50:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3000.1799 [GMT 2:00]
Running from:: c:\users\***\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\.#
c:\windows\system32\%appdata%

.
(((((((((((((((((((((((   Files Created from 2010-07-19 to 2010-08-19  ))))))))))))))))))))))))))))))
.

2010-08-18 21:15 . 2010-08-18 21:15	--------	d-----w-	C:\_OTL
2010-08-17 21:23 . 2010-08-17 21:30	--------	d-----w-	c:\users\***\AppData\Roaming\Online Solutions
2010-08-12 23:29 . 2010-08-13 00:16	--------	d-----w-	C:\MRecord
2010-08-12 14:13 . 2010-08-12 14:13	--------	d-----w-	c:\programdata\NtiDvdCopy
2010-08-12 13:31 . 2010-08-12 14:10	--------	d-----w-	c:\users\***\AppData\Roaming\xVideoServiceThief
2010-08-12 13:30 . 2010-08-12 13:30	--------	d-----w-	c:\program files\Xesc & Technology
2010-08-12 13:19 . 2010-08-12 13:23	--------	d-----w-	c:\program files\NirSoft
2010-08-12 13:16 . 2010-08-12 13:16	--------	d-----w-	c:\users\***\AppData\Local\StreamRecorder
2010-08-12 13:12 . 2010-08-12 13:13	--------	d-----w-	c:\program files\StreamboxVcrSuite2
2010-08-12 13:06 . 2010-08-12 13:06	--------	d-----w-	C:\temp
2010-08-12 12:55 . 2010-08-12 12:55	46	----a-w-	c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat
2010-08-12 12:55 . 2010-08-12 12:55	--------	d-----w-	c:\users\***\AppData\Roaming\DonationCoder
2010-08-12 12:54 . 2010-08-12 12:54	--------	d-----w-	c:\program files\WinPcap
2010-08-12 12:53 . 2010-08-12 13:03	--------	d-----w-	c:\program files\URLSnooper2
2010-08-12 12:21 . 2010-08-12 12:24	--------	d-----w-	c:\program files\WMR14
2010-08-12 11:53 . 2010-08-12 23:07	--------	d-----w-	c:\program files\Freecorder
2010-08-12 11:50 . 2010-08-12 12:02	--------	d-----w-	c:\users\***\AppData\Local\FLVService
2010-08-12 11:50 . 2010-08-12 11:50	--------	d-----w-	c:\windows\Freecorder
2010-08-12 11:45 . 2010-08-12 11:45	--------	d-----w-	c:\programdata\Licenses
2010-08-12 11:43 . 2010-08-12 11:43	--------	d-----w-	c:\programdata\Engelmann Media
2010-08-12 11:43 . 2010-08-12 11:43	--------	d-----w-	c:\users\***\AppData\Roaming\Engelmann Media
2010-08-12 11:42 . 2010-08-12 11:42	--------	d-----w-	c:\program files\Engelmann Media
2010-08-12 11:10 . 2010-08-14 22:58	--------	d-----w-	c:\program files\CamStudio
2010-08-01 14:39 . 2010-08-01 14:39	--------	d-----w-	c:\programdata\FNET
2010-08-01 14:38 . 2010-08-01 14:38	7040	----a-w-	c:\windows\system32\drivers\FNETURPX.SYS
2010-08-01 14:38 . 2010-08-01 14:38	--------	d-----w-	c:\program files\PcCloneEX

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 11:00 . 2009-10-25 09:14	--------	d-----w-	c:\users\***\AppData\Roaming\Skype
2010-08-17 18:46 . 2010-07-08 18:00	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-08-17 00:07 . 2009-03-12 10:47	628742	----a-w-	c:\windows\system32\perfh007.dat
2010-08-17 00:07 . 2009-03-12 10:47	126454	----a-w-	c:\windows\system32\perfc007.dat
2010-08-12 13:09 . 2009-02-11 20:16	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-12 11:43 . 2010-08-12 11:43	87552	----a-w-	c:\programdata\Engelmann Media\Movie Saver 2.0\HDX4VideoSites.dll
2010-08-10 22:58 . 2009-11-06 15:28	--------	d-----w-	c:\users\***\AppData\Roaming\uTorrent
2010-07-18 14:21 . 2010-07-18 14:21	--------	d-----w-	c:\program files\CCleaner
2010-07-17 22:52 . 2010-07-17 22:52	--------	d-----w-	c:\program files\Microsoft.NET
2010-07-16 13:20 . 2009-03-12 03:26	--------	d-----w-	c:\program files\Common Files\Adobe
2010-07-15 12:29 . 2010-07-15 12:29	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-07-15 12:29 . 2010-07-15 12:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-15 12:29 . 2010-07-15 12:29	--------	d-----w-	c:\programdata\Malwarebytes
2010-07-15 11:55 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-07-14 20:23 . 2010-07-14 20:23	408952	----a-w-	c:\users\***\AppData\Roaming\Wuala\Wuala.exe
2010-07-14 20:23 . 2010-07-14 20:23	--------	d-----w-	c:\users\***\AppData\Roaming\Wuala
2010-07-08 18:08 . 2010-07-08 18:00	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-07-08 08:19 . 2009-10-20 08:02	6080	----a-w-	c:\users\***\AppData\Local\d3d9caps.dat
2010-07-07 09:10 . 2009-09-29 12:24	71896	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-06 22:17 . 2010-07-06 22:17	--------	d-----w-	c:\program files\RescuePRO Deluxe
2010-07-06 22:17 . 2010-07-06 22:17	286720	----a-w-	c:\windows\iun507.exe
2010-06-23 22:53 . 2010-06-23 22:53	--------	d-----w-	c:\programdata\Office Genuine Advantage
2010-06-15 13:28 . 2010-06-15 13:28	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-14 00:22 . 2010-06-14 00:22	12	----a-w-	c:\users\***\AppData\Roaming\qcopjv.dat
2010-05-29 12:45 . 2010-05-29 12:45	16262	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_05FA14C1C3735749F4C846.exe
2010-05-29 12:45 . 2010-05-29 12:45	1518	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_4CD900D6B4ED749EFC3ED0.exe
2010-05-29 12:45 . 2010-05-29 12:45	1078	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_B4F3A5125982460CB1E2E4.exe
2010-05-29 12:45 . 2010-05-29 12:45	10134	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_1A5EED318EBF4D687C209E.exe
2010-05-26 17:06 . 2010-06-23 09:33	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-23 09:33	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2010-01-14 19:07	221568	------w-	c:\windows\system32\MpSigStub.exe
2009-10-23 09:05 . 2009-10-23 08:39	2828	--sha-w-	c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02	120104	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25607976]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-09 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-24 204800]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-28 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-06 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ff,05,bd,91,b4,5b,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-08-01 7040]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 18:13]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 18:13]

2010-08-19 c:\windows\Tasks\User_Feed_Synchronization-{46CCB267-0AB0-40E7-9B58-D3DE27FB2FC2}.job
- c:\windows\system32\msfeedssync.exe [2010-06-23 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
IE: Add to Video Converter... - c:\program files\Media Player Utilities 5.20\AVIConverter\grab.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {4BFF367E-6293-4DA5-AB25-A9BA05D2596A} = 83.136.47.249 193.120.14.101
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hwp2ay5u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hwp2ay5u.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hwp2ay5u.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-19 13:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ... 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1544)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\conime.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe
c:\users\***\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-19  13:07:01 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-19 11:06

Pre-Run: 15 directories, 57,196,429,312 bytes free
Post-Run: 18 directories, 57,011,478,528 bytes free

- - End Of File - - 43013120884BF26A46BEF4F0F87EAA0D
         

19.08.2010, 17:18   #10
cosinus

Please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<Date>_<Time>.txt on your desktop.
Please post the contents of that .txt file for me.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

19.08.2010, 17:29   #11
sunnyangel

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Acer
BIOS Manufacturer:		Phoenix Technologies LTD
System Manufacturer:		Acer
System Product Name:		Aspire 5738
Logical Drives Mask:		0x0000007c

Kernel Drivers (total 157):
  0x82209000 \SystemRoot\system32\ntkrnlpa.exe
  0x825C2000 \SystemRoot\system32\hal.dll
  0x80406000 \SystemRoot\system32\kdcom.dll
  0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8047D000 \SystemRoot\system32\PSHED.dll
  0x8048E000 \SystemRoot\system32\BOOTVID.dll
  0x80496000 \SystemRoot\system32\CLFS.SYS
  0x804D7000 \SystemRoot\system32\CI.dll
  0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80695000 \SystemRoot\system32\drivers\acpi.sys
  0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EC000 \SystemRoot\system32\drivers\pci.sys
  0x80713000 \SystemRoot\System32\drivers\partmgr.sys
  0x80722000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80725000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8072F000 \SystemRoot\system32\drivers\volmgr.sys
  0x8073E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80788000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80798000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8A003000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A0DE000 \SystemRoot\system32\drivers\atapi.sys
  0x8A0E6000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A104000 \SystemRoot\system32\drivers\msahci.sys
  0x8A10E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8A11C000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A14E000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A15E000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8A20B000 \SystemRoot\system32\drivers\ndis.sys
  0x8A316000 \SystemRoot\system32\drivers\msrpc.sys
  0x8A341000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A402000 \SystemRoot\System32\drivers\tcpip.sys
  0x8A4EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8A603000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A713000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A74C000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A754000 \SystemRoot\System32\Drivers\mup.sys
  0x8A763000 \SystemRoot\System32\drivers\ecache.sys
  0x8A78A000 \SystemRoot\system32\drivers\disk.sys
  0x8A79B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A7BC000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8A7D2000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8A7DD000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8E205000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8E900000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8E9A1000 \SystemRoot\System32\drivers\watchdog.sys
  0x8E9AD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8E9B8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8A7E6000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8EA0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8EA9A000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
  0x8EAD4000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8EBF8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8A5E2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8EA00000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8A7F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8A37C000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x8A5F5000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8A3B0000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8E9F6000 \SystemRoot\system32\Drivers\NTIDrvr.sys
  0x8A3C8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8A3D1000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8A1CF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x807A0000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8A3E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x807E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8A3EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x805B7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x805DA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x805E9000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8EE0D000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8EE22000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8EE32000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8EE34000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8EE5E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8EE68000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8EE75000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8EEAA000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8F202000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F438000 \SystemRoot\system32\drivers\portcls.sys
  0x8F465000 \SystemRoot\system32\drivers\drmk.sys
  0x8F48A000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x8F5B0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F5B2000 \SystemRoot\system32\drivers\modem.sys
  0x8F5BF000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x8F5E0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8F5F7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8EEBB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8EECB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8EED2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8EEDB000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8EEE3000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
  0x8EEEC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8EEF5000 \SystemRoot\System32\Drivers\Null.SYS
  0x8EEFC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8F200000 \SystemRoot\System32\drivers\FNETURPX.SYS
  0x8EF03000 \SystemRoot\System32\drivers\vga.sys
  0x8EF0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8EF30000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8EF38000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8EF40000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8EF4B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8EF59000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8EF62000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8EF78000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8EF8C000 \SystemRoot\system32\drivers\afd.sys
  0x8F60A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8F63C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8F652000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8F660000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8F673000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8F679000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8F6B5000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F6BF000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
  0x8F6D1000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
  0x8F6DA000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F6F1000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8F713000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8F73B000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8A507000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x96220000 \SystemRoot\System32\win32k.sys
  0x8F748000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F752000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x96440000 \SystemRoot\System32\TSDDD.dll
  0x96460000 \SystemRoot\System32\cdd.dll
  0x8F761000 \SystemRoot\system32\drivers\luafv.sys
  0x8F77C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xAA203000 \SystemRoot\system32\drivers\spsys.sys
  0xAA2B3000 \SystemRoot\system32\DRIVERS\irda.sys
  0xAA2D1000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xAA2E1000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xAA30B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xAA315000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xAA328000 \SystemRoot\system32\drivers\HTTP.sys
  0xAA395000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xAA3B2000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xAA3CB000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x8F791000 \SystemRoot\system32\drivers\mrxdav.sys
  0xAA3E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8F7B2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x8EFD4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAD609000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAD630000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAD696000 \SystemRoot\system32\drivers\npf.sys
  0xAD6A5000 \SystemRoot\system32\drivers\peauth.sys
  0xAD783000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAD78D000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAD799000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xAD7C4000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
  0xAD7F2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x88C0D000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x88C2E000 \SystemRoot\system32\drivers\usbaudio.sys
  0x88C84000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x88C99000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x88CAE000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x778D0000 \Windows\System32\ntdll.dll

Processes (total 86):
       0 System Idle Process
       4 System
     480 C:\Windows\System32\smss.exe
     612 csrss.exe
     656 C:\Windows\System32\wininit.exe
     668 csrss.exe
     704 C:\Windows\System32\services.exe
     732 C:\Windows\System32\lsass.exe
     748 C:\Windows\System32\lsm.exe
     796 C:\Windows\System32\winlogon.exe
     908 C:\Windows\System32\svchost.exe
     988 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\svchost.exe
    1296 C:\Windows\System32\audiodg.exe
    1320 C:\Windows\System32\svchost.exe
    1340 C:\Windows\System32\SLsvc.exe
    1372 C:\Windows\System32\svchost.exe
    1528 C:\Windows\System32\svchost.exe
    1844 C:\Windows\System32\spoolsv.exe
    1892 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1940 C:\Windows\System32\dwm.exe
    1976 C:\Windows\System32\svchost.exe
    2032 C:\Windows\explorer.exe
     348 C:\Windows\System32\taskeng.exe
    1236 C:\Windows\System32\agrsmsvc.exe
    2052 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2100 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    2136 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    2240 C:\Program Files\Windows Defender\MSASCui.exe
    2248 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    2256 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    2264 C:\Windows\System32\igfxtray.exe
    2272 C:\Windows\System32\hkcmd.exe
    2292 C:\Windows\System32\igfxpers.exe
    2344 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2424 C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    2472 C:\Program Files\Apoint2K\Apoint.exe
    2536 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    2600 C:\Program Files\Launch Manager\LManager.exe
    2628 C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    2644 C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    2652 C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    2660 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    2676 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2708 C:\Program Files\Java\jre6\bin\jusched.exe
    2736 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2764 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2828 C:\Windows\ehome\ehtray.exe
    2848 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2856 C:\Windows\ehome\ehmsas.exe
    2896 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2932 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2976 C:\Windows\System32\svchost.exe
    3004 C:\Windows\System32\svchost.exe
    3080 C:\Windows\System32\svchost.exe
    3108 C:\Windows\System32\SearchIndexer.exe
    3396 C:\Windows\System32\igfxsrvc.exe
    3760 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3788 C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
    3812 C:\Program Files\Apoint2K\Hidfind.exe
    3820 C:\Program Files\Apoint2K\ApntEx.exe
    2464 WmiPrvSE.exe
     868 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1952 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    3032 C:\Windows\System32\wbem\unsecapp.exe
     876 WmiPrvSE.exe
    1492 C:\Windows\System32\igfxext.exe
    3692 C:\Windows\System32\igfxsrvc.exe
    1840 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    2568 C:\Windows\System32\wuauclt.exe
    2836 C:\Windows\System32\conime.exe
    4308 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    1284 C:\Program Files\Internet Explorer\iexplore.exe
    5804 C:\Program Files\Internet Explorer\iexplore.exe
    2552 C:\Program Files\Winamp\winamp.exe
    5888 WUDFHost.exe
    4852 C:\Program Files\Mobile Partner\Mobile Partner.exe
    4476 C:\Windows\System32\SearchProtocolHost.exe
     492 C:\Windows\System32\SearchFilterHost.exe
    4576 C:\Program Files\Internet Explorer\iexplore.exe
    6024 C:\Windows\System32\SearchProtocolHost.exe
    1420 C:\Windows\System32\dllhost.exe
    5352 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000020`d4500000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OC60F

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
         

19.08.2010, 17:38   #12
cosinus

Please run MBRCheck.exe again (right-click, "Run as administrator").
This time type the following into the window and confirm each entry with Enter, at:
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • Please select the MBR code to write to this drive: 3 (for Vista)
  • Now type Yes and confirm with ENTER.
  • Restart the computer.
After the reboot, please run MBRCheck.exe again.
You will now find two MBRCheck_<Date>_<Time>.txt files on your desktop.
Please post the contents of both .txt files for me.
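
What MBRCheck is doing in the logs posted in this thread, shown as an added example that is not MBRCheck's code and not part of the original posts: it reads sector 0 of the physical disk, hashes the boot-code area and looks the digest up in a list of known boot loaders, and it turns each partition entry's starting LBA into the byte offset it prints for C: and E:. The script below does the same in Python against a sample MBR constructed inline (placeholder boot code, disk signature 0xDEADBEEF, a hidden partition followed by two NTFS partitions placed at the offsets 0x271100000 and 0x20D4500000 that appear in the posted log). Assumptions, not facts from the page: that MBRCheck hashes exactly the 440-byte boot-code area (its real byte range may differ), the function names, and the empty allowlist `KNOWN_BOOT_CODE`, which you would fill from a trusted reference rather than from guesses. Two practical points for anyone repeating the procedure: dump the current MBR with option [1] before option [2] overwrites it, so the suspicious sector survives for analysis, and remember that "Unknown MBR code" only means the digest is not in the tool's list; an OEM recovery loader can produce the same verdict, and a kernel rootkit that hooks disk I/O can hand a clean sector to any user-mode reader, so a read from the running system is not conclusive either way.

```python
"""Added example: parse a 512-byte MBR and classify its boot code the way
MBRCheck does (hash the boot code, look the digest up in an allowlist).
Not MBRCheck's own code; the sample MBR below is constructed, not captured."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code (assumed to be what MBRCheck hashes)
DISK_SIG_OFFSET = 440         # bytes 440..443: NT disk signature
PART_TABLE_OFFSET = 446       # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

# Allowlist of SHA1 digests of known-good boot code. Deliberately empty:
# the real tool ships its own database and inventing digests here would
# defeat the purpose. Fill it from a trusted reference.
KNOWN_BOOT_CODE = {}


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot code, disk signature and partition table."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for index in range(4):
        entry = PART_TABLE_OFFSET + index * 16
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack_from(
            "<BBBBBBBBII", mbr, entry)
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR_SIZE,  # what MBRCheck prints as "at offset"
        })
    return {
        "boot_code": mbr[:BOOT_CODE_LEN],
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
    }


def boot_code_sha1(mbr: bytes) -> str:
    """Hex SHA1 of the 440-byte boot-code area, upper-case like MBRCheck's output."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(mbr: bytes, known=None) -> str:
    """Status string in the spirit of MBRCheck's 'MBR Status' column."""
    known = KNOWN_BOOT_CODE if known is None else known
    if not parse_mbr(mbr)["signature_ok"]:
        return "Invalid MBR (missing 0x55AA signature)"
    return known.get(boot_code_sha1(mbr), "Unknown MBR code")


def read_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical disk. Needs administrator rights on Windows;
    not called in the sample run below."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed test MBR (not from the posted machine): filler boot code,
    a hidden partition, then two NTFS partitions at the byte offsets MBRCheck
    reported for C: and E: in the thread's log."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[:BOOT_CODE_LEN] = bytes(range(256)) + bytes(range(184))  # deterministic filler, not real code
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0xDEADBEEF)      # made-up disk signature
    entries = [
        # status, type, lba_start, sector count
        (0x00, 0x27, 2048, 0x1388800 - 2048),                 # hidden recovery-style partition
        (0x80, 0x07, 0x1388800, 0x106A2800 - 0x1388800),      # C: -> 0x271100000 bytes
        (0x00, 0x07, 0x106A2800, 0x1D1C0000 - 0x106A2800),    # E: -> 0x20D4500000 bytes
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<BBBBBBBBII", mbr, PART_TABLE_OFFSET + i * 16,
                         status, 0xFE, 0xFF, 0xFF, ptype, 0xFE, 0xFF, 0xFF, lba, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def report(mbr: bytes, known=None) -> list:
    """Summary lines similar to MBRCheck's, returned rather than printed so they can be checked."""
    parsed = parse_mbr(mbr)
    lines = [f"disk signature: {parsed['disk_signature']:08X}",
             f"boot code SHA1: {boot_code_sha1(mbr)}",
             f"MBR status: {classify_mbr(mbr, known)}"]
    for p in parsed["partitions"]:
        lines.append(f"  partition {p['index']} type 0x{p['type']:02X}"
                     f"{' (bootable)' if p['bootable'] else ''}"
                     f" at offset 0x{p['byte_offset']:X}"
                     f" ({p['sectors'] * SECTOR_SIZE // 2**30} GB)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(build_sample_mbr())))
```

Running the file prints the summary for the constructed sample. `read_mbr()` is there to feed a real sector 0 to `report()` from an elevated prompt on Windows, and the same 512 bytes can equally be read from the file that MBRCheck's option [1] dumps.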

19.08.2010, 17:50   #13
sunnyangel

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Acer
BIOS Manufacturer:		Phoenix Technologies LTD
System Manufacturer:		Acer
System Product Name:		Aspire 5738
Logical Drives Mask:		0x0000007c

Kernel Drivers (total 157):
  0x82209000 \SystemRoot\system32\ntkrnlpa.exe
  0x825C2000 \SystemRoot\system32\hal.dll
  0x80406000 \SystemRoot\system32\kdcom.dll
  0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8047D000 \SystemRoot\system32\PSHED.dll
  0x8048E000 \SystemRoot\system32\BOOTVID.dll
  0x80496000 \SystemRoot\system32\CLFS.SYS
  0x804D7000 \SystemRoot\system32\CI.dll
  0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80695000 \SystemRoot\system32\drivers\acpi.sys
  0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EC000 \SystemRoot\system32\drivers\pci.sys
  0x80713000 \SystemRoot\System32\drivers\partmgr.sys
  0x80722000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80725000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8072F000 \SystemRoot\system32\drivers\volmgr.sys
  0x8073E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80788000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80798000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8A003000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A0DE000 \SystemRoot\system32\drivers\atapi.sys
  0x8A0E6000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A104000 \SystemRoot\system32\drivers\msahci.sys
  0x8A10E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8A11C000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A14E000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A15E000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8A20B000 \SystemRoot\system32\drivers\ndis.sys
  0x8A316000 \SystemRoot\system32\drivers\msrpc.sys
  0x8A341000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A402000 \SystemRoot\System32\drivers\tcpip.sys
  0x8A4EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8A603000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A713000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A74C000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A754000 \SystemRoot\System32\Drivers\mup.sys
  0x8A763000 \SystemRoot\System32\drivers\ecache.sys
  0x8A78A000 \SystemRoot\system32\drivers\disk.sys
  0x8A79B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A7BC000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8A7D2000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8A7DD000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8E205000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8E900000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8E9A1000 \SystemRoot\System32\drivers\watchdog.sys
  0x8E9AD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8E9B8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8A7E6000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8EA0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8EA9A000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
  0x8EAD4000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8EBF8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8A5E2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8EA00000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8A7F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8A37C000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x8A5F5000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8A3B0000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8E9F6000 \SystemRoot\system32\Drivers\NTIDrvr.sys
  0x8A3C8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8A3D1000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8A1CF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x807A0000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8A3E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x807E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8A3EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x805B7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x805DA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x805E9000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8EE0D000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8EE22000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8EE32000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8EE34000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8EE5E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8EE68000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8EE75000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8EEAA000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8F202000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F438000 \SystemRoot\system32\drivers\portcls.sys
  0x8F465000 \SystemRoot\system32\drivers\drmk.sys
  0x8F48A000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x8F5B0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F5B2000 \SystemRoot\system32\drivers\modem.sys
  0x8F5BF000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x8F5E0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8F5F7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8EEBB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8EECB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8EED2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8EEDB000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8EEE3000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
  0x8EEEC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8EEF5000 \SystemRoot\System32\Drivers\Null.SYS
  0x8EEFC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8F200000 \SystemRoot\System32\drivers\FNETURPX.SYS
  0x8EF03000 \SystemRoot\System32\drivers\vga.sys
  0x8EF0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8EF30000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8EF38000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8EF40000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8EF4B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8EF59000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8EF62000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8EF78000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8EF8C000 \SystemRoot\system32\drivers\afd.sys
  0x8F60A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8F63C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8F652000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8F660000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8F673000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8F679000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8F6B5000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F6BF000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
  0x8F6D1000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
  0x8F6DA000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F6F1000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8F713000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8F73B000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8A507000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x96220000 \SystemRoot\System32\win32k.sys
  0x8F748000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F752000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x96440000 \SystemRoot\System32\TSDDD.dll
  0x96460000 \SystemRoot\System32\cdd.dll
  0x8F761000 \SystemRoot\system32\drivers\luafv.sys
  0x8F77C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xAA203000 \SystemRoot\system32\drivers\spsys.sys
  0xAA2B3000 \SystemRoot\system32\DRIVERS\irda.sys
  0xAA2D1000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xAA2E1000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xAA30B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xAA315000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xAA328000 \SystemRoot\system32\drivers\HTTP.sys
  0xAA395000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xAA3B2000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xAA3CB000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x8F791000 \SystemRoot\system32\drivers\mrxdav.sys
  0xAA3E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8F7B2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x8EFD4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAD609000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAD630000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAD696000 \SystemRoot\system32\drivers\npf.sys
  0xAD6A5000 \SystemRoot\system32\drivers\peauth.sys
  0xAD783000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAD78D000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAD799000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xAD7C4000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
  0xAD7F2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x88C0D000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x88C2E000 \SystemRoot\system32\drivers\usbaudio.sys
  0x88C84000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x88C99000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x88CAE000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x778D0000 \Windows\System32\ntdll.dll

Processes (total 83):
       0 System Idle Process
       4 System
     480 C:\Windows\System32\smss.exe
     612 csrss.exe
     656 C:\Windows\System32\wininit.exe
     668 csrss.exe
     704 C:\Windows\System32\services.exe
     732 C:\Windows\System32\lsass.exe
     748 C:\Windows\System32\lsm.exe
     796 C:\Windows\System32\winlogon.exe
     908 C:\Windows\System32\svchost.exe
     988 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\svchost.exe
    1296 C:\Windows\System32\audiodg.exe
    1320 C:\Windows\System32\svchost.exe
    1340 C:\Windows\System32\SLsvc.exe
    1372 C:\Windows\System32\svchost.exe
    1528 C:\Windows\System32\svchost.exe
    1844 C:\Windows\System32\spoolsv.exe
    1892 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1940 C:\Windows\System32\dwm.exe
    1976 C:\Windows\System32\svchost.exe
    2032 C:\Windows\explorer.exe
     348 C:\Windows\System32\taskeng.exe
    1236 C:\Windows\System32\agrsmsvc.exe
    2052 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2100 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    2136 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    2240 C:\Program Files\Windows Defender\MSASCui.exe
    2248 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    2256 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    2264 C:\Windows\System32\igfxtray.exe
    2272 C:\Windows\System32\hkcmd.exe
    2292 C:\Windows\System32\igfxpers.exe
    2344 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2424 C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    2472 C:\Program Files\Apoint2K\Apoint.exe
    2536 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    2600 C:\Program Files\Launch Manager\LManager.exe
    2628 C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    2644 C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    2652 C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    2660 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    2676 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2708 C:\Program Files\Java\jre6\bin\jusched.exe
    2736 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2764 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2828 C:\Windows\ehome\ehtray.exe
    2848 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2856 C:\Windows\ehome\ehmsas.exe
    2896 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2932 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2976 C:\Windows\System32\svchost.exe
    3004 C:\Windows\System32\svchost.exe
    3080 C:\Windows\System32\svchost.exe
    3108 C:\Windows\System32\SearchIndexer.exe
    3396 C:\Windows\System32\igfxsrvc.exe
    3760 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3788 C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
    3812 C:\Program Files\Apoint2K\Hidfind.exe
    3820 C:\Program Files\Apoint2K\ApntEx.exe
    2464 WmiPrvSE.exe
     868 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1952 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    3032 C:\Windows\System32\wbem\unsecapp.exe
     876 WmiPrvSE.exe
    1492 C:\Windows\System32\igfxext.exe
    3692 C:\Windows\System32\igfxsrvc.exe
    1840 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    2568 C:\Windows\System32\wuauclt.exe
    2836 C:\Windows\System32\conime.exe
    4308 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    1284 C:\Program Files\Internet Explorer\iexplore.exe
    5804 C:\Program Files\Internet Explorer\iexplore.exe
    5888 WUDFHost.exe
    4852 C:\Program Files\Mobile Partner\Mobile Partner.exe
    3064 taskeng.exe
    5496 C:\Windows\System32\SearchProtocolHost.exe
    5640 C:\Windows\System32\SearchFilterHost.exe
    1856 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000020`d4500000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OC60F

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
 [ 0] Default (Windows Vista)
 [ 1] Windows XP
 [ 2] Windows Server 2003
 [ 3] Windows Vista
 [ 4] Windows 2008
 [ 5] Windows 7
 [-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code?  Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
         

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Acer
BIOS Manufacturer:		Phoenix Technologies LTD
System Manufacturer:		Acer
System Product Name:		Aspire 5738
Logical Drives Mask:		0x0000007c

Kernel Drivers (total 155):
  0x8221A000 \SystemRoot\system32\ntkrnlpa.exe
  0x825D3000 \SystemRoot\system32\hal.dll
  0x80402000 \SystemRoot\system32\kdcom.dll
  0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80479000 \SystemRoot\system32\PSHED.dll
  0x8048A000 \SystemRoot\system32\BOOTVID.dll
  0x80492000 \SystemRoot\system32\CLFS.SYS
  0x804D3000 \SystemRoot\system32\CI.dll
  0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80689000 \SystemRoot\system32\drivers\acpi.sys
  0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E0000 \SystemRoot\system32\drivers\pci.sys
  0x80707000 \SystemRoot\System32\drivers\partmgr.sys
  0x80716000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80719000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80723000 \SystemRoot\system32\drivers\volmgr.sys
  0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8077C000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8078C000 \SystemRoot\System32\Drivers\UBHelper.sys
  0x8A007000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A0E2000 \SystemRoot\system32\drivers\atapi.sys
  0x8A0EA000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A108000 \SystemRoot\system32\drivers\msahci.sys
  0x8A112000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8A120000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A152000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A162000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8A20D000 \SystemRoot\system32\drivers\ndis.sys
  0x8A318000 \SystemRoot\system32\drivers\msrpc.sys
  0x8A343000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A406000 \SystemRoot\System32\drivers\tcpip.sys
  0x8A4F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8A604000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A714000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A74D000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A755000 \SystemRoot\System32\Drivers\mup.sys
  0x8A764000 \SystemRoot\System32\drivers\ecache.sys
  0x8A78B000 \SystemRoot\system32\drivers\disk.sys
  0x8A79C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A7BD000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8A7D3000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8A7DE000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8E20B000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8E906000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8E9A7000 \SystemRoot\System32\drivers\watchdog.sys
  0x8E9B3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8E9BE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8A7E7000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8EC03000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8EC90000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
  0x8ECCA000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8EDEE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8A5E6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8EDF2000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8E200000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8A37E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x8A3B2000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8A3BD000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8A7F6000 \SystemRoot\system32\Drivers\NTIDrvr.sys
  0x8A3D5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8A3DE000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x80794000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x805B3000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8A3ED000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8A1D3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8A200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x807C3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8A1EA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x807E6000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8F00E000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8F023000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F033000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F035000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F05F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8F069000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F076000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8F0AB000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8F20D000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F443000 \SystemRoot\system32\drivers\portcls.sys
  0x8F470000 \SystemRoot\system32\drivers\drmk.sys
  0x8F495000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x8F5BB000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F5BD000 \SystemRoot\system32\drivers\modem.sys
  0x8F5CA000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x8F5EB000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
  0x8F5F4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8F200000 \SystemRoot\System32\Drivers\Null.SYS
  0x8F0BC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8F207000 \SystemRoot\System32\drivers\FNETURPX.SYS
  0x8F0CC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8F0D3000 \SystemRoot\System32\drivers\vga.sys
  0x8F0DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8F100000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8F108000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8F110000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8F11B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8F129000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8F132000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8F148000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8F15F000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8F173000 \SystemRoot\system32\drivers\afd.sys
  0x8F1BB000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8F1C4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8F80A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8F83C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8F852000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8F85B000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8F869000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8F87C000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8F884000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8F88A000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8F8C6000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F8D0000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
  0x8F8E2000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
  0x8F8EB000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F902000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8F924000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8F94C000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8A50B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x95AA0000 \SystemRoot\System32\win32k.sys
  0x8F959000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F963000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x95CC0000 \SystemRoot\System32\TSDDD.dll
  0x95CE0000 \SystemRoot\System32\cdd.dll
  0x8F972000 \SystemRoot\system32\drivers\luafv.sys
  0x8F98D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xAA401000 \SystemRoot\system32\drivers\spsys.sys
  0xAA4B1000 \SystemRoot\system32\DRIVERS\irda.sys
  0xAA4CF000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xAA4DF000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xAA509000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xAA513000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xAA526000 \SystemRoot\system32\drivers\HTTP.sys
  0xAA593000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xAA5B0000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xAA5C9000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xAA5DE000 \SystemRoot\system32\drivers\mrxdav.sys
  0x8F9A2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8F9C1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x8F1D4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAF007000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAF02E000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAF094000 \SystemRoot\system32\drivers\npf.sys
  0xAF0A3000 \SystemRoot\system32\drivers\peauth.sys
  0xAF181000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAF18B000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAF197000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xAF1DF000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
  0xAF07C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xAF1AD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xAF1C2000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xAF1D4000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x77870000 \Windows\System32\ntdll.dll

Processes (total 79):
       0 System Idle Process
       4 System
     544 C:\Windows\System32\smss.exe
     612 csrss.exe
     656 C:\Windows\System32\wininit.exe
     664 csrss.exe
     700 C:\Windows\System32\services.exe
     732 C:\Windows\System32\lsass.exe
     740 C:\Windows\System32\lsm.exe
     800 C:\Windows\System32\winlogon.exe
     920 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\svchost.exe
    1208 C:\Windows\System32\svchost.exe
    1296 C:\Windows\System32\audiodg.exe
    1320 C:\Windows\System32\svchost.exe
    1336 C:\Windows\System32\SLsvc.exe
    1360 C:\Windows\System32\svchost.exe
    1540 C:\Windows\System32\svchost.exe
    1852 C:\Windows\System32\spoolsv.exe
    1940 C:\Windows\System32\taskeng.exe
    1976 C:\Windows\System32\dwm.exe
    2012 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    2036 C:\Windows\System32\svchost.exe
    2044 C:\Windows\System32\taskeng.exe
     232 C:\Windows\explorer.exe
     668 C:\Windows\System32\agrsmsvc.exe
    2060 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2096 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    2168 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    2340 C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    2476 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2492 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    2596 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2628 C:\Windows\System32\svchost.exe
    2652 C:\Windows\System32\svchost.exe
    2696 C:\Windows\System32\svchost.exe
    2716 C:\Windows\System32\SearchIndexer.exe
    2804 C:\Program Files\Windows Defender\MSASCui.exe
    2948 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    3072 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    3084 C:\Windows\System32\igfxtray.exe
    3092 C:\Windows\System32\hkcmd.exe
    3100 C:\Windows\System32\igfxpers.exe
    3108 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    3120 C:\Program Files\Apoint2K\Apoint.exe
    3128 C:\Program Files\Launch Manager\LManager.exe
    3144 C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    3176 C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    3192 C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    3200 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    3220 C:\Windows\System32\igfxsrvc.exe
    3232 C:\Program Files\Java\jre6\bin\jusched.exe
    3268 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    3292 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3324 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3564 C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
    3860 C:\Windows\ehome\ehtray.exe
    3924 C:\Program Files\Skype\Phone\Skype.exe
    3944 C:\Windows\ehome\ehmsas.exe
    3956 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    4044 C:\Program Files\Apoint2K\ApMsgFwd.exe
    4084 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4092 C:\Program Files\Apoint2K\Hidfind.exe
    2076 C:\Program Files\Apoint2K\ApntEx.exe
    1080 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1148 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    1984 C:\Windows\System32\wbem\unsecapp.exe
    1956 WmiPrvSE.exe
      12 C:\Windows\System32\igfxext.exe
    2368 C:\Windows\System32\igfxsrvc.exe
    4068 WmiPrvSE.exe
     564 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    4148 WUDFHost.exe
    4748 C:\Program Files\Mobile Partner\Mobile Partner.exe
    5624 C:\Users\***\Desktop\MBRCheck.exe
    5636 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000020`d4500000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OC60F

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
         

Alt 19.08.2010, 18:56   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Unfortunately we have to fix the MBR manually.

Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD using the image-burning function and start the computer with it (boot from this CD). Click on Computer Repair Options, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first.

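As an added example (not code from this thread, from MBRCheck or from its author), here is a small Python checker that reproduces the idea behind the MBRCheck output above: hash the boot-code area of a 512-byte MBR image, compare the digest against a known-good set, and parse the partition table so that a code change with an intact table can be told apart from a structurally broken MBR. The hash scope (first 440 bytes), the sample MBR images, the known-good table and the sector counts are all constructed assumptions, not values taken from the log.

```python
import hashlib
import struct
MBR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code ends at the 4-byte disk signature (offset 0x1B8)
PART_TABLE_OFFSET = 0x1BE  # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"

def boot_code_sha1(mbr: bytes) -> str:
    # Hash scope (first 440 bytes) is an assumption; MBRCheck's exact scope is not documented here.
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()

def parse_partitions(mbr: bytes) -> list:
    """Return (active, type_id, lba_start, sector_count) for each non-empty entry."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFFSET + 16 * i)  # the 3x fields skip CHS values
        if ptype != 0:
            parts.append((status == 0x80, ptype, lba, count))
    return parts

def check_mbr(mbr: bytes, known_good: dict) -> dict:
    """Classify an MBR image: known boot code, unknown boot code, or structurally broken."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_sha1(mbr)
    if digest not in known_good:
        findings.append("boot code not in known-good set")
    parts = parse_partitions(mbr)
    if sum(p[0] for p in parts) > 1:
        findings.append("more than one active partition")
    return {"sha1": digest, "label": known_good.get(digest, "Unknown MBR code"),
            "partitions": parts, "findings": findings}

def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed 512-byte MBR image for testing (not a real disk dump)."""
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code
    buf[0x1B8:0x1BC] = b"\x12\x34\x56\x78"  # constructed disk signature
    for i, (active, ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFFSET + 16 * i,
                         0x80 if active else 0x00, ptype, lba, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)
# Constructed samples; C: start follows the log (byte offset 0x271100000 = LBA 20482048), counts are placeholders.
PARTS = [(True, 0x07, 20482048, 250000000), (False, 0x07, 275392512, 60000000)]
CLEAN_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
CLEAN_MBR = build_mbr(CLEAN_CODE, PARTS)
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR): "constructed reference boot code (placeholder)"}
# Same partition table, different boot code: this is what "Unknown MBR code" looks like to the checker.
ALTERED_MBR = build_mbr(b"\xEA" + b"\x00" * (BOOT_CODE_LEN - 1), PARTS)
```

Note that the altered image keeps a valid signature and an unchanged partition table, which is why the system in the thread still boots normally while the checker flags the code as unknown.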
Alt 19.08.2010, 20:56   #15
sunnyangel
 

I did everything the way you wanted. What now?
