
Pests of all kinds and how to combat them: Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys


 
17.08.2010, 22:02   #1
sunnyangel
 
Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys


Hello!

I have a small problem. Two days ago I noticed that spam had been posted in my Facebook account. Since I hadn't done that, I immediately had my laptop scanned with Malwarebytes Anti-Malware, and it found Rootkit.Bubnix. I have already tried to remove it with Malwarebytes, but it doesn't work. Via Google I ended up here and hope you can help me.

I have already read up a bit here and run GMER, OSAM, OTL and Malwarebytes Anti-Malware. GMER and Anti-Malware found qmjlmyja.sys. I haven't tried anything beyond removing the rootkit with Malwarebytes, since I don't want to break anything. I hope you can help me and rescue my system.

Thanks in advance.

Here are the logs:

Malwarebytes

Malwarebytes' Anti-Malware 1.46
h**p://www.malwarebytes.org

Datenbank Version: 4440

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

17.08.2010 20:19:06
mbam-log-2010-08-17 (20-19-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130022
Laufzeit: 14 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\qmjlmyja.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.


OSAM

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
h**p://www.online-solutions.ru/en/
Saved at 21:00:13 on 17.08.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"dtllusbg" (dtllusbg) - ? - C:\Windows\system32\drivers\dtllusbg.sys  (File not found)
"FNETURPX" (FNETURPX) - "FNet Co., Ltd." - C:\Windows\System32\drivers\FNETURPX.SYS
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys
"PolderbitS Audio Driver" (PbsAuDrv) - ? - C:\Windows\System32\drivers\pbsaudrv.sys  (File not found)
"qmjlmyja" (qmjlmyja) - ? - C:\Windows\system32\drivers\qmjlmyja.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
"ylrggnz" (ylrggnz) - ? - C:\Windows\system32\drivers\ylrggnz.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{0FB6A909-6086-458F-BD92-1F8EE10042A0} "AC-Pro" - "SimplyGen" - C:\Program Files\AutocompletePro\AutocompletePro.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} "{31FF080D-12A3-439A-A2EF-4BA95A3148E8}" - ? -   (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Arlette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\Windows\system32\NeroCheck.exe
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files\WinPcap\rpcapd.exe

GMER

Code:
GMER 1.0.15.15281 - h**p://www.gmer.net
Rootkit scan 2010-08-17 21:41:36
Windows 6.0.6002 Service Pack 2
Running: 7z9yrzf5.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldqfow.sys


---- Kernel code sections - GMER 1.0.15 ----

?               System32\drivers\bdavet.sys                                                                                                                   Das System kann den angegebenen Pfad nicht finden. !
?               System32\Drivers\qmjlmyja.sys                                                                                                                 Ein an das System angeschlossenes Gerät funktioniert nicht. !
init            C:\Windows\System32\drivers\FNETURPX.SYS                                                                                                      entry point in "init" section [0x8F5FA380]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[616] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9                                                                     7645B364 4 Bytes  [20, 28, 00, 10] {AND [EAX], CH; ADD [EAX], DL}
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!SetScrollRange                                                            7707D185 5 Bytes  JMP 003623F0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!GetSysColorBrush                                                          7707E21C 5 Bytes  JMP 003624E0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!GetScrollInfo                                                             7707F073 7 Bytes  JMP 003622C0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!ShowScrollBar                                                             7707F8AE 5 Bytes  JMP 00362440 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!SetScrollInfo                                                             770871D8 7 Bytes  JMP 00362370 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!GetSysColor                                                               77089BF6 5 Bytes  JMP 00362480 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!EnableScrollBar                                                           7709AF53 7 Bytes  JMP 00362280 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!GetScrollPos                                                              770A337D 5 Bytes  JMP 00362300 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!GetScrollRange                                                            770A34A5 5 Bytes  JMP 00362330 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\Mobile Partner\Mobile Partner.exe[5320] USER32.dll!SetScrollPos                                                              770A3602 5 Bytes  JMP 003623B0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                          [747F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                           [7484A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                       [747FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                 [747EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                           [747F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                        [747EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                            [74828395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                               [747FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                       [747EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                        [747EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                         [747E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                 [7487CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                    [7481C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                       [747ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                 [747E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                [747E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                   [747F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                    [10002A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                        [10001E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                  [10002D50] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Windows\Explorer.EXE[616] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                    [100011D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT             C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2428] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [00AB1210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                        8717FE18

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )                                                                                                                            [BOOT] qmjlmyja                                                                                                                                                       <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\qmjlmyja@Type                                                                                          1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\qmjlmyja@Start                                                                                         0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\qmjlmyja@ErrorControl                                                                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\qmjlmyja@Group                                                                                         Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet006\Services\qmjlmyja@Type                                                                                              1
Reg             HKLM\SYSTEM\ControlSet006\Services\qmjlmyja@Start                                                                                             0
Reg             HKLM\SYSTEM\ControlSet006\Services\qmjlmyja@ErrorControl                                                                                      0
Reg             HKLM\SYSTEM\ControlSet006\Services\qmjlmyja@Group                                                                                             Boot Bus Extender

---- EOF - GMER 1.0.15 ----

OTL

Code:
OTL logfile created on: 17.08.2010 21:45:17 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Volume C\Meine Programme
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 121,55 Gb Total Space | 53,63 Gb Free Space | 44,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 101,57 Gb Total Space | 46,95 Gb Free Space | 46,22% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 23,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Volume C\Meine Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Volume C\Meine Programme\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PbsAuDrv) -- C:\Windows\System32\drivers\pbsaudrv.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (dtllusbg) -- C:\Windows\System32\drivers\dtllusbg.sys File not found
DRV - (FNETURPX) -- C:\Windows\System32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = h**p://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "h**p://www.google.de/"
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.05.06 23:56:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 20:00:55 | 000,000,000 | ---D | M]
 
[2009.11.06 02:32:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.17 11:19:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions
[2010.08.12 13:55:02 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010.08.01 13:02:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hwp2ay5u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.16 16:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010.07.28 23:06:14 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 23:06:14 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.28 23:06:14 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.28 23:06:14 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.28 23:06:14 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.17 20:29:13 | 000,416,646 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14382 more lines...
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\Media Player Utilities 5.20\AVIConverter\grab.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.07 22:58:08 | 000,000,052 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{112b34c3-d857-11de-b809-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{112b34c3-d857-11de-b809-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1fb025c6-f3a0-11de-86c2-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb025c6-f3a0-11de-86c2-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1fb025c8-f3a0-11de-86c2-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb025c8-f3a0-11de-86c2-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{25885557-0088-11df-8c87-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{25885557-0088-11df-8c87-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{25885559-0088-11df-8c87-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{25885559-0088-11df-8c87-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b8196-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b8196-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b8198-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b8198-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{620b81b6-c9a7-11de-aa72-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{620b81b6-c9a7-11de-aa72-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6e0a798e-d6f1-11de-ac0d-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e0a798e-d6f1-11de-ac0d-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6e0a7990-d6f1-11de-ac0d-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e0a7990-d6f1-11de-ac0d-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7f3fbf30-c3ad-11de-a18a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3fbf30-c3ad-11de-a18a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7f3fbf33-c3ad-11de-a18a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3fbf33-c3ad-11de-a18a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1b530dc-d826-11de-96a7-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{b1b530dc-d826-11de-96a7-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{b1b530ff-d826-11de-96a7-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{b1b530ff-d826-11de-96a7-001f16bb269c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{bb601a8c-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601a8c-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{bb601ab3-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601ab3-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{bb601ac8-c2ee-11de-b769-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb601ac8-c2ee-11de-b769-001f16bb269c}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{c7b38800-d773-11de-a34a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b38800-d773-11de-a34a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c7b3881f-d773-11de-a34a-001f16bb269c}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b3881f-d773-11de-a34a-001f16bb269c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008.04.26 00:58:10 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.13 01:29:06 | 000,000,000 | ---D | C] -- C:\MRecord
[2010.08.12 16:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy
[2010.08.12 15:31:11 | 000,000,000 | ---D | C] -- C:\Users\Arlette\AppData\Roaming\xVideoServiceThief
[2010.08.12 15:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Xesc & Technology
[2010.08.12 15:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010.08.12 15:16:06 | 000,000,000 | ---D | C] -- C:\Users\Arlette\AppData\Local\StreamRecorder
[2010.08.12 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\StreamboxVcrSuite2
[2010.08.12 15:06:06 | 000,000,000 | ---D | C] -- C:\temp
[2010.08.12 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\Arlette\Documents\DonationCoder
[2010.08.12 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\Arlette\AppData\Roaming\DonationCoder
[2010.08.12 14:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010.08.12 14:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\URLSnooper2
[2010.08.12 14:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\WMR14
[2010.08.12 13:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2010.08.12 13:50:18 | 000,000,000 | ---D | C] -- C:\Users\Arlette\Documents\Freecorder 4
[2010.08.12 13:50:18 | 000,000,000 | ---D | C] -- C:\Users\Arlette\AppData\Local\FLVService
[2010.08.12 13:50:14 | 000,000,000 | ---D | C] -- C:\Windows\Freecorder
[2010.08.12 13:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2010.08.12 13:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Engelmann Media
[2010.08.12 13:43:28 | 000,000,000 | ---D | C] -- C:\Users\Arlette\AppData\Roaming\Engelmann Media
[2010.08.12 13:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Engelmann Media
[2010.08.12 13:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010.08.01 16:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2010.08.01 16:38:57 | 000,007,040 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2010.08.01 16:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\PcCloneEX
[2009.08.07 01:26:00 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.17 21:46:12 | 000,565,280 | ---- | M] () -- C:\Windows\System32\drivers\qmjlmyja.sys
[2010.08.17 21:44:49 | 007,602,176 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.17 20:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.17 20:46:53 | 000,005,908 | ---- | M] () -- C:\Users\***\Documents\cc_20100817_204648.reg
[2010.08.17 20:29:13 | 000,416,646 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.17 20:23:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.17 20:23:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.17 20:21:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.17 20:21:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.17 20:21:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.17 20:20:41 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.17 20:19:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.17 20:19:30 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.17 20:19:29 | 006,208,119 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.17 19:33:02 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{46CCB267-0AB0-40E7-9B58-D3DE27FB2FC2}.job
[2010.08.17 02:07:55 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.17 02:07:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.17 02:07:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.17 02:07:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.17 02:07:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.17 02:06:36 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.17 02:06:34 | 000,243,712 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.12 16:13:32 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2010.08.12 15:30:11 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\xVST.lnk
[2010.08.12 14:55:34 | 000,000,046 | ---- | M] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.08.12 13:10:39 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010.08.10 12:45:12 | 000,415,906 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100817-202913.backup
[2010.08.10 00:38:46 | 000,001,410 | ---- | M] () -- C:\Users\***\Documents\cc_20100810_003835.reg
[2010.08.06 19:44:27 | 000,266,629 | ---- | M] () -- C:\Users\***\Desktop\IMG_0012.jpg
[2010.08.01 16:38:57 | 000,007,040 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2010.07.28 15:19:29 | 000,049,510 | ---- | M] () -- C:\Users\***\Documents\cc_20100728_151923.reg
[2010.07.23 14:33:36 | 000,033,792 | ---- | M] () -- C:\Users\***\Desktop\Your order confirmation.doc
[2010.07.20 11:58:17 | 000,080,896 | ---- | M] () -- C:\Users\***\Desktop\Julia   EXTRA 2.doc
 
========== Files Created - No Company Name ==========
 
[2010.08.17 20:46:51 | 000,005,908 | ---- | C] () -- C:\Users\***\Documents\cc_20100817_204648.reg
[2010.08.12 15:30:11 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\xVST.lnk
[2010.08.12 14:55:34 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.08.12 13:10:39 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010.08.10 00:38:44 | 000,001,410 | ---- | C] () -- C:\Users\***\Documents\cc_20100810_003835.reg
[2010.08.06 19:44:45 | 000,266,629 | ---- | C] () -- C:\Users\***\Desktop\IMG_0012.jpg
[2010.07.28 15:19:25 | 000,049,510 | ---- | C] () -- C:\Users\***\Documents\cc_20100728_151923.reg
[2010.07.23 14:33:36 | 000,033,792 | ---- | C] () -- C:\Users\***\Desktop\Your order confirmation.doc
[2010.07.16 01:35:33 | 000,565,280 | ---- | C] () -- C:\Windows\System32\drivers\qmjlmyja.sys
[2010.07.15 14:58:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.07.15 13:22:20 | 000,000,264 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.06.14 02:22:27 | 000,000,012 | ---- | C] () -- C:\Users\***\AppData\Roaming\qcopjv.dat
[2010.05.06 23:45:33 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Drv32_16.ini
[2009.12.24 18:23:55 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.12.24 18:21:02 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2009.10.25 10:59:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.25 10:41:58 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.23 11:24:20 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.23 11:24:08 | 000,243,712 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.23 10:54:36 | 000,000,262 | ---- | C] () -- C:\Windows\WINCMD.INI
[2009.10.23 10:39:41 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.10.22 21:09:42 | 000,000,084 | ---- | C] () -- C:\Windows\winamp.ini
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.20 11:31:47 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.20 10:02:24 | 000,006,080 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.08.07 01:12:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009.08.07 01:12:47 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.08.06 16:55:41 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 05:26:46 | 000,004,536 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3B71D0B4
< End of report >
         

Code:
OTL Extras logfile created on: 17.08.2010 21:45:17 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Volume C\Meine Programme
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 121,55 Gb Total Space | 53,63 Gb Free Space | 44,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 101,57 Gb Total Space | 46,95 Gb Free Space | 46,22% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 23,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ARLETTE-PC
Current User Name: Arlette
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{126358A5-E5FE-4812-8D21-64AAA618A534}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2D731802-66E1-4AFD-8D54-9AC1EFCD7B92}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3C53CDF5-F302-4CE3-8E40-B2224BEC51A8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E8AD33E-B221-418D-B725-5CC58DCAAABF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{405B78A8-FA15-4A94-8F88-BB2D6B844F0F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4587DB08-D31B-4D44-92D1-0390F3A9F467}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50FDBF99-38CB-4AB3-9DB5-52FF23997EFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5AB1CA18-245A-476A-8F7F-919EC9C3099C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{65FA6840-0468-424E-B760-E178F340B827}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6CD8DD6C-7820-49C9-B63F-CA126B53B8FF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7ED51CF5-52C7-4B21-B7D3-03CB0403B2CD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8D6191C0-FA3D-4F40-ACF0-03A48B857C74}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8EAD9444-CAE7-4AFB-9730-FCE9C7C6566C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{91882B20-2B95-4FC7-B9D4-D71E9FDF1DAB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9358EEEF-BB5A-441F-9C63-6B0682426CD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3CB069B-C76B-432C-8955-F40A715A9BB6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B5EFC25D-836E-47AB-B28E-A7CBC1EAB2E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CCBCDBC1-71F7-46C7-AECA-84CC331C1B83}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EA2DDBE6-B945-42D9-9D11-A247139F98F8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F2367DF6-C14E-49A8-99F4-F8FF6A0AD69E}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{144FF92C-E26D-4D21-AADD-302EA333DDDA}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{1FE3789A-1AAD-44B4-9752-97ABEA3DE6A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{231F976C-1FE7-42E8-A795-29F6BFD2A2B0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{2794FFE9-F3F8-412C-B41D-C41C3A843F47}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2C4C32CE-3BD1-4E53-8C2F-EFFEEECFC74A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F22C011-2E17-4D3C-9E20-CB0F5DABD3FB}" = protocol=6 | dir=in | app=c:\windows\system32\services.exe | 
"{3614DA65-603B-43D0-A4AB-DD5E5F71489B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{695B5477-A14F-4F51-AC46-704250CC933B}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{7FC3F7C3-80E1-452B-8F96-2ACFA738A646}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{849BD9DC-05DF-4D33-A204-580B657BB077}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{87DB95DA-FE64-4275-B28C-C132B5A916F3}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{A906FF09-D090-4898-AFAC-30ED204F144E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{ACD2C83F-2E31-492F-A786-0C184946EE9A}" = protocol=17 | dir=in | app=c:\windows\system32\services.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AFB73EEE-B406-41E8-A681-722EA06F8338}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B848D883-AA2A-4EE9-97BB-273829259272}" = protocol=17 | dir=in | app=c:\windows\system32\services.exe | 
"{BE2713BE-367C-4A26-AC89-43807A712E8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{D0CEC8EF-E286-42EC-BDA7-9C2E9B0D54C4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{D4E1FDF0-D03F-4F74-9FAC-C81503ED227A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{DD75891E-0793-4132-A1C4-22AB9EE5860F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{E67122C1-B020-400F-A24E-A1949CCDD590}" = protocol=6 | dir=in | app=c:\windows\system32\services.exe | 
"TCP Query User{00128C65-7E74-4D7F-83A6-B9698D7C7817}C:\users\arlette\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\arlette\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{1CAB2790-B6E0-4D67-B375-BDCBB55E8D62}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{3544F028-021E-4906-9CBB-B554E21A6D93}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{3F74D9FE-1BA1-4D31-8855-494121681540}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{8E2F95FA-A399-4F5F-AB55-7A121CEF1789}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{BB39ADFA-FDAA-433E-ACBB-F861AE859752}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{D9C39C55-F5FE-4EA0-9F91-DE1F1566FF14}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F5B91AA5-3C3C-4514-B31C-1E4BCE9B0F9D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{16C889E2-CDFE-4ED1-AD96-1C268C285C7C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{190703EF-07B8-4A74-84EF-C8AB9F38A6DE}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{2BF179D2-1670-45FA-BEC5-D44631CA18D6}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{2F950FF6-587F-4720-9E59-B96CB7B879B7}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{30524D6A-6226-4190-9D4F-DBFCF21CCD4D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{352BEF6C-3DBC-4BC8-B4FE-BCE596C9B698}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{959CE8CD-864C-4726-B5B4-4C8934289EA3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{C30D72C2-E10C-4CF1-8FBF-F1FEAE3CCACB}C:\users\arlette\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\arlette\appdata\roaming\wuala\wuala.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{32D4851C-399A-4C02-A961-6A56178004B9}" = Hama Webcam Suite
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}" = Media Player Utilities 5.20
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD2F9F4-A0EA-4563-B410-95F4EAB9C04E}" = xVideoServiceThief
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audiograbber" = Audiograbber 1.83 SE 
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PcCloneEX" = PcCloneEX
"RealPlayer 12.0" = RealPlayer
"RescuePRO-Deluxe" = RescuePRO Deluxe 4.0
"Riva FLV Player_is1" = Riva FLV Player
"Totalcmd" = Total Commander (Remove or Repair)
"Video Encoder_is1" = Video Encoder 1.2
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2010 05:43:12 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.08.2010 05:43:12 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.08.2010 05:43:51 | Computer Name = Arlette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.08.2010 15:39:16 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.08.2010 15:39:16 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.08.2010 15:40:01 | Computer Name = Arlette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.08.2010 05:58:22 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.08.2010 05:58:22 | Computer Name = Arlette-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.08.2010 05:58:57 | Computer Name = Arlette-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.08.2010 07:23:29 | Computer Name = Arlette-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp
 0x4bdfa327, faulting module mshtml.dll, version 8.0.6001.18928, time stamp 
0x4bdfb76d, exception code 0xc0000005, fault offset 0x000a0e1d, process id 0x1484, 
application start time 01cb37ac8cd4c74c.
 
[ System Events ]
Error - 14.08.2010 06:44:52 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.08.2010 17:23:09 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2010 03:46:05 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2010 13:39:33 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.08.2010 07:40:37 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.08.2010 18:55:29 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.08.2010 20:09:04 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 17.08.2010 04:50:36 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.08.2010 13:31:12 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.08.2010 14:22:16 | Computer Name = Arlette-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
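The OTL Extras sections above (Shell Spawning, Security Center Settings and the firewall profile keys) are where a log reviewer looks first for a hijacked executable handler or a silenced security stack; the report itself only lists the raw values. The following Python script is an added example, not part of the original post and not OTL's own code: it parses those two sections of an Extras log in the layout shown above and flags any exefile/comfile/batfile/cmdfile/piffile [open] command that is not the Windows default "%1" %*, any Security Center *Override value set to 1, and any firewall profile with EnableFirewall = 0. The clean sample is excerpted from the log posted above; the second sample is constructed for the demonstration, and the path in its exefile handler is hypothetical.

```python
import re

# Windows default "open" command for executable file classes. Anything else
# here routes every launched .exe/.bat/... through another binary first.
DEFAULT_OPEN = {cls: '"%1" %*'
                for cls in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")            # ===== Title =====
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")  # class [verb] -- command
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")          # [HKEY_...\Path]
VALUE_RE = re.compile(r'^"(\w+)" = (\S+)')           # "name" = value


def parse_sections(text):
    """Split an OTL log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def registry_values(lines):
    """Map '[HKEY...]' / '"name" = value' lines to {(key, name): value}."""
    values, key = {}, None
    for line in lines:
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key is not None:
            values[(key, v.group(1))] = v.group(2)
    return values


def triage(text):
    """Return a list of findings (an empty list means nothing suspicious)."""
    findings = []
    sections = parse_sections(text)

    # 1. Executable file-class handlers: anything but the default is a hijack.
    for line in sections.get("Shell Spawning", []):
        m = SPAWN_RE.match(line)
        if not m:
            continue
        cls, verb, cmd = m.groups()
        if verb == "open" and cls in DEFAULT_OPEN and cmd != DEFAULT_OPEN[cls]:
            findings.append(f"shell hijack: {cls} [open] -> {cmd}")

    # 2. Security Center overrides and per-profile firewall state.
    for (key, name), val in registry_values(
            sections.get("Security Center Settings", [])).items():
        if name.endswith("Override") and val == "1":
            findings.append(f"security center: {name}=1 under {key}")
        if name == "EnableFirewall" and val == "0":
            profile = key.split("\\")[-1]
            findings.append(f"firewall disabled: {profile}")
    return findings


# Excerpted from the OTL Extras log posted above (clean values).
POSTED_EXCERPT = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"""

# Constructed for this example (NOT from the posted log): the exefile handler
# path is hypothetical, and the override / firewall values are flipped.
CONSTRUCTED_BAD = r"""
========== Shell Spawning ==========

exefile [open] -- "C:\Users\Public\hijack.exe" "%1" %*
comfile [open] -- "%1" %*

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"""

if __name__ == "__main__":
    for label, sample in (("posted", POSTED_EXCERPT), ("constructed", CONSTRUCTED_BAD)):
        print(label, triage(sample) or "no findings")
```

Run it on a saved Extras.txt by reading the file into a string and passing it to triage(); on the log above it returns no findings, which is consistent with the posted values (default handlers, all overrides 0, all three profiles with EnableFirewall = 1). The check is deliberately narrow: it only compares against the known-good defaults, so it will not miss a handler just because the attacker's binary has an innocent name.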
         

 
