Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys

Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys


Plagegeister aller Art und deren Bekämpfung: Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 18.08.2010, 20:32   #5
sunnyangel
 
Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys - Standard

Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys


Hier der Vollscan von Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4445

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

18.08.2010 21:24:12
mbam-log-2010-08-18 (21-24-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|H:\|)
Durchsuchte Objekte: 443913
Laufzeit: 2 Stunde(n), 18 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


OTL

Code:
ATTFilter
OTL logfile created on: 18.08.2010 21:25:34 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Volume C\Meine Programme
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 121,55 Gb Total Space | 53,19 Gb Free Space | 43,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 101,57 Gb Total Space | 46,95 Gb Free Space | 46,22% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 23,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Volume C\Meine Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Volume C\Meine Programme\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PbsAuDrv) -- C:\Windows\System32\drivers\pbsaudrv.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (FNETURPX) -- C:\Windows\System32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.05.06 23:56:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
 
[2009.11.06 02:32:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.18 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions
[2010.08.12 13:55:02 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010.08.01 13:02:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.16 16:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010.07.28 23:06:14 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 23:06:14 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.28 23:06:14 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.28 23:06:14 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.28 23:06:14 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.17 20:29:13 | 000,416,646 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14382 more lines...
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\Media Player Utilities 5.20\AVIConverter\grab.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.07 22:58:08 | 000,000,052 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{112b34c3-d857-11de-b809-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{112b34c3-d857-11de-b809-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1fb025c6-f3a0-11de-86c2-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb025c6-f3a0-11de-86c2-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1fb025c8-f3a0-11de-86c2-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb025c8-f3a0-11de-86c2-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{25885557-0088-11df-8c87-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{25885557-0088-11df-8c87-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{25885559-0088-11df-8c87-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{25885559-0088-11df-8c87-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b8196-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b8196-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b8198-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b8198-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b81b6-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b81b6-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6e0a798e-d6f1-11de-ac0d-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e0a798e-d6f1-11de-ac0d-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6e0a7990-d6f1-11de-ac0d-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e0a7990-d6f1-11de-ac0d-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7f3fbf30-c3ad-11de-a18a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3fbf30-c3ad-11de-a18a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7f3fbf33-c3ad-11de-a18a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3fbf33-c3ad-11de-a18a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1b530dc-d826-11de-96a7-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{b1b530dc-d826-11de-96a7-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1b530ff-d826-11de-96a7-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{b1b530ff-d826-11de-96a7-001f16bb269c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{bb601a8c-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601a8c-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{bb601ab3-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601ab3-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{bb601ac8-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601ac8-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{c7b38800-d773-11de-a34a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b38800-d773-11de-a34a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c7b3881f-d773-11de-a34a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b3881f-d773-11de-a34a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.17 23:23:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Online Solutions
[2010.08.13 01:29:06 | 000,000,000 | ---D | C] -- C:\MRecord
[2010.08.12 16:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy
[2010.08.12 15:31:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xVideoServiceThief
[2010.08.12 15:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Xesc & Technology
[2010.08.12 15:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010.08.12 15:16:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\StreamRecorder
[2010.08.12 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\StreamboxVcrSuite2
[2010.08.12 15:06:06 | 000,000,000 | ---D | C] -- C:\temp
[2010.08.12 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DonationCoder
[2010.08.12 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DonationCoder
[2010.08.12 14:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010.08.12 14:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\URLSnooper2
[2010.08.12 14:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\WMR14
[2010.08.12 13:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2010.08.12 13:50:18 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Freecorder 4
[2010.08.12 13:50:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FLVService
[2010.08.12 13:50:14 | 000,000,000 | ---D | C] -- C:\Windows\Freecorder
[2010.08.12 13:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2010.08.12 13:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Engelmann Media
[2010.08.12 13:43:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2010.08.12 13:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Engelmann Media
[2010.08.12 13:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010.08.01 16:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2010.08.01 16:38:57 | 000,007,040 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2010.08.01 16:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\PcCloneEX
[2009.08.07 01:26:00 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.18 21:26:38 | 007,602,176 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.18 20:58:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.18 20:58:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.18 20:47:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.18 19:02:10 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{46CCB267-0AB0-40E7-9B58-D3DE27FB2FC2}.job
[2010.08.18 18:58:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.18 18:58:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.18 18:58:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.18 18:58:05 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.18 00:58:24 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.18 00:58:24 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.18 00:58:16 | 006,192,609 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.17 20:46:53 | 000,005,908 | ---- | M] () -- C:\Users\***\Documents\cc_20100817_204648.reg
[2010.08.17 20:29:13 | 000,416,646 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.17 02:07:55 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.17 02:07:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.17 02:07:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.17 02:07:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.17 02:07:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.17 02:06:36 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.17 02:06:34 | 000,243,712 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.12 16:13:32 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2010.08.12 15:30:11 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\xVST.lnk
[2010.08.12 14:55:34 | 000,000,046 | ---- | M] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.08.12 13:10:39 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010.08.10 12:45:12 | 000,415,906 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100817-202913.backup
[2010.08.10 00:38:46 | 000,001,410 | ---- | M] () -- C:\Users\***\Documents\cc_20100810_003835.reg
[2010.08.06 19:44:27 | 000,266,629 | ---- | M] () -- C:\Users\***\Desktop\IMG_0012.jpg
[2010.08.01 16:38:57 | 000,007,040 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2010.07.28 15:19:29 | 000,049,510 | ---- | M] () -- C:\Users\***\Documents\cc_20100728_151923.reg
[2010.07.23 14:33:36 | 000,033,792 | ---- | M] () -- C:\Users\***\Desktop\Your order confirmation.doc
[2010.07.20 11:58:17 | 000,080,896 | ---- | M] () -- C:\Users\***\Desktop\Julia   EXTRA 2.doc
 
========== Files Created - No Company Name ==========
 
[2010.08.17 20:46:51 | 000,005,908 | ---- | C] () -- C:\Users\***\Documents\cc_20100817_204648.reg
[2010.08.12 15:30:11 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\xVST.lnk
[2010.08.12 14:55:34 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.08.12 13:10:39 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010.08.10 00:38:44 | 000,001,410 | ---- | C] () -- C:\Users\***\Documents\cc_20100810_003835.reg
[2010.08.06 19:44:45 | 000,266,629 | ---- | C] () -- C:\Users\***\Desktop\IMG_0012.jpg
[2010.07.28 15:19:25 | 000,049,510 | ---- | C] () -- C:\Users\***\Documents\cc_20100728_151923.reg
[2010.07.23 14:33:36 | 000,033,792 | ---- | C] () -- C:\Users\***\Desktop\Your order confirmation.doc
[2010.07.15 14:58:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.07.15 13:22:20 | 000,000,264 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.06.14 02:22:27 | 000,000,012 | ---- | C] () -- C:\Users\***\AppData\Roaming\qcopjv.dat
[2010.05.06 23:45:33 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Drv32_16.ini
[2009.12.24 18:23:55 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.12.24 18:21:02 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2009.10.25 10:59:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.25 10:41:58 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.23 11:24:20 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.23 11:24:08 | 000,243,712 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.23 10:54:36 | 000,000,262 | ---- | C] () -- C:\Windows\WINCMD.INI
[2009.10.23 10:39:41 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.10.22 21:09:42 | 000,000,084 | ---- | C] () -- C:\Windows\winamp.ini
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.20 11:31:47 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.20 10:02:24 | 000,006,080 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.08.07 01:12:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009.08.07 01:12:47 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.08.06 16:55:41 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 05:26:46 | 000,004,536 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009.10.20 11:40:56 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2009.08.06 16:55:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2010.05.06 23:58:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audio Record Edit Toolbox
[2010.05.06 23:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audio Recorder for Free
[2010.08.12 14:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DonationCoder
[2010.08.12 13:43:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2009.10.20 10:09:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2009.10.23 10:30:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2009.10.25 10:23:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2010.01.01 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.08.17 23:30:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Online Solutions
[2010.05.25 13:59:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2009.09.29 17:29:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2009.09.29 17:29:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA
[2010.08.11 00:58:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010.07.14 22:23:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wuala
[2010.08.12 16:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xVideoServiceThief
[2010.08.18 00:58:27 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.18 19:02:10 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{46CCB267-0AB0-40E7-9B58-D3DE27FB2FC2}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3B71D0B4
< End of report >


 

Themen zu Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys
agere systems, alternate, antivir, antivir guard, audiograbber, autorun, avira, bho, browser, c:\windows\system32\services.exe, components, corp./icp, desktop, desktop.ini, entfernen, firefox, flash player, google, home, home premium, iastor.sys, iexplore.exe, install.exe, jusched.exe, local\temp, location, locker, logfile, mozilla, mywinlocker, national, nvstor.sys, oldtimer, opera.exe, otl logfile, otl.exe, plug-in, programdata, realtek, registry, registry key, saver, scan, searchplugins, security, server, shell32.dll, shortcut, skype.exe, software, start menu, svchost.exe, system, total commander, tunnel, usb 2.0, vista, windows, windows vista home


« Virus Alureon.H gefunden! Wie werde ich den wieder los? | Symantec meldet geblockte von mir ausgehende Spam-Mails. »


Ähnliche Themen: Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys


  1. Avira meldet TR/Rootkit.Gen in C:windows/system32/drivers....was ist zu tun?
    Plagegeister aller Art und deren Bekämpfung - 19.07.2014 (22)
  2. TR/Rootkit.Gen2'-'C:\WINDOWS\system32\drivers\sptd.sys'
    Plagegeister aller Art und deren Bekämpfung - 01.02.2012 (1)
  3. windows\system32\drivers\sptd.sys - Rootkit Modification
    Plagegeister aller Art und deren Bekämpfung - 05.06.2011 (18)
  4. Trojan.Bubnix in c:\windows\system32\drivers\nqpqz.sys
    Plagegeister aller Art und deren Bekämpfung - 15.03.2011 (14)
  5. Rootkit C:\windows\system32\drivers\volmgr.sys
    Plagegeister aller Art und deren Bekämpfung - 01.02.2011 (8)
  6. TR/Rootkit.Gen in C:\Windows\System32\drivers\ghldywj.sys
    Plagegeister aller Art und deren Bekämpfung - 25.12.2010 (9)
  7. Rootkit Agent in C:\WINDOWS\system32\drivers\lpvmtsvd.sys
    Plagegeister aller Art und deren Bekämpfung - 19.08.2010 (13)
  8. RKIT/Bubnix.AU in C:\Windows\System32\drivers\jzhkpqtl.sys
    Plagegeister aller Art und deren Bekämpfung - 17.08.2010 (24)
  9. Rootkit in C:\Windows\system32\drivers\afkw4fu9.sys ?
    Log-Analyse und Auswertung - 08.08.2010 (4)
  10. Rootkit Bubnix.au in c:\windows\system32\drivers\hljrifmj.sys
    Plagegeister aller Art und deren Bekämpfung - 21.06.2010 (10)
  11. TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys
    Plagegeister aller Art und deren Bekämpfung - 01.06.2010 (16)
  12. TR/Rootkit.Gen in C:\Windows\System32\drivers\ezokdc.sys
    Plagegeister aller Art und deren Bekämpfung - 30.05.2010 (6)
  13. Tr/rootkit.gen windows/system32/Drivers.lnuuf.sys (rootkit Agent)
    Plagegeister aller Art und deren Bekämpfung - 29.05.2010 (1)
  14. Rootkit RKIT/Bubnix.S in C:\Windows\System32\drivers\...sys gefunden
    Log-Analyse und Auswertung - 20.05.2010 (3)
  15. TR/Rootkit.gen, TR/BHO.agcg in C:\Windows\system32\drivers\zaohb.sys
    Plagegeister aller Art und deren Bekämpfung - 13.05.2010 (3)
  16. Was tun? Virus Rootkit C:\Windows\System32\drivers\hsntoaox.sys
    Plagegeister aller Art und deren Bekämpfung - 23.04.2010 (12)
  17. C:\WINDOWS\system32\drivers\**; befürchte Rootkit
    Plagegeister aller Art und deren Bekämpfung - 23.04.2010 (18)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys - Hier der Vollscan von Malwarebytes Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4445 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 18.08.2010 21:24:12 mbam-log-2010-08-18 (21-24-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|H:\|) - Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys...
Archiv
Du betrachtest: Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131