
Pests of all kinds and how to fight them: And someone else with rootkit RKIT/Agent.biiu :(


12.09.2010, 17:35   #1
Sawdust

And someone else with rootkit RKIT/Agent.biiu :(



Hey,

Since a reboot yesterday my Windows Vista system has been showing one or two odd driver error messages while booting. My FireWire audio devices no longer work the way they should. A scan with Antivir produced the following result:

The file 'C:\Windows\System32\drivers\ukwbl.sys'
contained a virus or unwanted program 'RKIT/Agent.biiu' [trojan].
Action(s) performed:
An error occurred while trying to create a backup copy of the file, and the file was not deleted. Error number: 26004.
The source file could not be found.
Attempting to perform the action using the ARK library.
Error in the ARK library.
The file could not be marked for deletion after restart. Possible cause: A device attached to the system is not functioning.

The following logfiles:

OTL logfile:
Code:
OTL logfile created on: 12.09.2010 17:38:58 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Sawdust\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 3,46 Gb Free Space | 2,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 145,97 Gb Total Space | 19,80 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAWDUSTMOBIL
Current User Name: Sawdust
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.09.12 17:32:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
PRC - [2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
PRC - [2010.08.09 15:27:06 | 000,836,464 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2010.04.29 12:19:18 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.12.10 12:55:15 | 000,470,785 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ6.5\ICQ.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.05.19 23:53:03 | 000,207,360 | ---- | M] (AVM Berlin) -- C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.04.26 15:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.22 11:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008.04.18 19:27:52 | 000,316,744 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2008.04.18 19:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008.04.17 10:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008.04.16 16:43:32 | 002,577,736 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008.04.14 23:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.03.31 19:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008.01.21 04:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008.01.09 10:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.10.10 17:36:42 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Programme\PreSonus\1394AudioDriver_FP10\FP10.exe
PRC - [2007.10.10 17:28:48 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Programme\PreSonus\1394AudioDriver_FirePod\FirePod.exe
PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
MOD - [2010.09.11 17:24:52 | 000,046,592 | -H-- | M] () -- C:\Windows\System32\Complder.dll
MOD - [2008.01.21 04:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:24:11 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0867D.tmp -- (yjboizih)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0BF19.tmp -- (vhvumskf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\08803.tmp -- (tmybvqlj)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\09819.tmp -- (luiznhmes)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0273E.tmp -- (kavdhnkn)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys -- (EraserUtilDrv10920)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\emusba10.sys -- (emusba10)
DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.12.10 12:55:15 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.19 23:52:54 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.23 23:35:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2008.12.04 03:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.09.08 13:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008.07.18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.06.20 06:37:06 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.06.12 12:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.23 17:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.15 04:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.04.04 11:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008.03.25 13:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 11:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.04 19:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.29 18:58:56 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.09 17:32:24 | 000,123,440 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pae_1394.sys -- (pae_1394)
DRV - [2007.10.09 17:32:24 | 000,051,248 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pae_avs.sys -- (pae_avs)
DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.08.29 15:50:46 | 000,039,296 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224Wdm.sys -- (Us224WdmService)
DRV - [2007.08.29 15:50:34 | 000,018,176 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224DL.sys -- (US224DL)
DRV - [2007.08.29 15:50:02 | 000,150,272 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224.sys -- (US224)
DRV - [2007.08.07 06:26:14 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.08.02 09:52:50 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.08.02 09:51:18 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.08.02 09:51:08 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.04.09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...SEA&bmod=TSEA;
IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...SEA&bmod=TSEA;
IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe File not found
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [AVMUSBFernanschluss] C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monmvr32.exe (SecureNet)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\AutoRun\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\open\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: icachone - (C:\Windows\system32\Complder.dll) - C:\Windows\System32\Complder.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.09.12 17:32:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
[2010.09.12 17:23:01 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\Malwarebytes
[2010.09.12 17:22:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.12 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.12 17:22:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.12 17:22:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.12 17:18:23 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
[2010.09.12 17:15:28 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sawdust\Desktop\mbam-setup.exe
[2010.09.09 19:59:40 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\INRES.DLL
[2010.09.09 19:59:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
[2010.09.01 11:48:31 | 000,000,000 | ---D | C] -- C:\Programme\TransMac
[2010.09.01 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\tranmak_7.5
[2010.08.26 11:12:37 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\Trillium Lane
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Local\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010.08.26 10:49:15 | 000,000,000 | ---D | C] -- C:\Programme\InterLok
[2010.08.26 10:43:40 | 000,630,784 | ---- | C] (PACE Anti-Piracy) -- C:\Windows\System32\ilinet.dll
[2010.08.26 10:43:37 | 000,097,808 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\System32\drivers\Dalwdm.sys
[2010.08.26 10:43:37 | 000,016,400 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\System32\drivers\diginet.sys
[2010.08.17 14:39:17 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\RPA3
[2010.08.17 11:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Syncrosoft
[2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System32\RCCOLLAB.DLL

========== Files - Modified Within 90 Days ==========

[2010.09.12 17:39:39 | 000,585,504 | ---- | M] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.12 17:39:34 | 002,883,584 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT
[2010.09.12 17:32:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
[2010.09.12 17:30:59 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.09.12 17:22:57 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
[2010.09.12 17:15:54 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sawdust\Desktop\mbam-setup.exe
[2010.09.12 17:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.12 16:54:46 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.12 16:50:47 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.12 16:50:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 16:50:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 16:50:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.12 16:50:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.12 16:50:22 | 3079,532,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.12 16:49:01 | 000,524,288 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010.09.12 16:49:01 | 000,065,536 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.09.12 16:49:00 | 006,291,456 | -H-- | M] () -- C:\Users\Sawdust\AppData\Local\IconCache.db
[2010.09.11 22:01:18 | 000,000,008 | ---- | M] () -- C:\Windows\System32\mssrv32.vxd
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2010.09.11 22:00:42 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2010.09.11 22:00:42 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2010.09.11 17:24:52 | 000,046,592 | -H-- | M] () -- C:\Windows\System32\Complder.dll
[2010.09.11 17:24:49 | 000,000,024 | ---- | M] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
[2010.09.11 17:23:58 | 000,000,004 | ---- | M] () -- C:\Users\Sawdust\AppData\Roaming\avdrn.dat
[2010.09.09 19:59:08 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.09 19:59:07 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.09 19:59:07 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.09 19:59:07 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.09 19:59:07 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.06 21:56:24 | 312,018,752 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.06 17:51:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010.09.01 11:48:32 | 000,000,809 | ---- | M] () -- C:\Users\Sawdust\Desktop\TransMac.lnk
[2010.09.01 11:47:07 | 001,873,596 | ---- | M] () -- C:\Users\Sawdust\Desktop\tranmak_7.5.rar
[2010.08.26 11:35:26 | 000,101,064 | ---- | M] () -- C:\Users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.26 11:34:11 | 000,376,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.23 15:55:07 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\msocreg32.dat
[2010.08.01 21:48:17 | 000,000,013 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010.07.28 23:58:29 | 000,077,312 | ---- | M] () -- C:\Users\Sawdust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010.09.12 17:22:57 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 17:25:36 | 000,585,504 | ---- | C] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.11 17:24:52 | 000,046,592 | -H-- | C] () -- C:\Windows\System32\Complder.dll
[2010.09.11 17:24:34 | 000,000,024 | ---- | C] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
[2010.09.11 17:23:58 | 000,000,004 | ---- | C] () -- C:\Users\Sawdust\AppData\Roaming\avdrn.dat
[2010.09.06 17:51:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010.09.01 11:48:32 | 000,000,809 | ---- | C] () -- C:\Users\Sawdust\Desktop\TransMac.lnk
[2010.09.01 11:47:07 | 001,873,596 | ---- | C] () -- C:\Users\Sawdust\Desktop\tranmak_7.5.rar
[2010.08.26 10:43:38 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009.07.30 14:15:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.30 12:33:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.09 11:28:17 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.11 16:32:08 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.06.01 11:27:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009.05.20 00:17:07 | 000,000,419 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.05.17 14:00:18 | 000,001,356 | ---- | C] () -- C:\Users\Sawdust\AppData\Local\d3d9caps.dat
[2009.05.07 16:38:09 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.05.01 23:10:53 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.01 23:10:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.04.29 13:39:47 | 000,491,520 | ---- | C] () -- C:\Windows\System32\libencdec.dll
[2009.04.23 23:40:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2009.04.23 23:35:26 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.04.23 23:20:16 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009.04.23 23:15:46 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009.04.22 21:56:01 | 000,077,312 | ---- | C] () -- C:\Users\Sawdust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.26 08:16:28 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.25 23:09:53 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.08.25 23:09:52 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.08.25 23:09:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.08.25 23:09:52 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.25 23:07:26 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.08.25 23:04:38 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.08.25 23:04:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009.10.10 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Antares Design
[2009.04.29 13:39:47 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Audio Ease
[2009.08.12 17:56:44 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Canneverbe_Limited
[2009.06.01 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Canon
[2009.04.23 23:49:19 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\DAEMON Tools Lite
[2009.05.25 10:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\ePaperPress
[2010.09.11 17:42:05 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\ICQ
[2009.04.22 09:23:33 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Opera
[2010.08.26 11:10:51 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\PACE Anti-Piracy
[2009.07.19 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Propellerhead Software
[2009.04.23 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Steinberg
[2009.05.27 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Toshiba
[2010.08.26 11:12:37 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Trillium Lane
[2010.09.12 16:49:04 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:94B1D287B21E9A83
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Xí:ˆácpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\,ð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nw²�wNwºÔIvØôVpctlsp.log
@Alternate Data Stream - 1374 bytes -> C:\ProgramData\Microsoft:7EvseLvdLbmzATL9
@Alternate Data Stream - 1360 bytes -> C:\Users\Sawdust\AppData\Local\Temp:5z6STY7n3QGFJSNMD
@Alternate Data Stream - 1292 bytes -> C:\Users\Sawdust\AppData\Local\Temp:v9Sl0NtmUrjY9oGGBo9V
@Alternate Data Stream - 1274 bytes -> C:\Program Files\Common Files\microsoft shared:GpKA9BXuOZ6ZBpA1iHHV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 1232 bytes -> C:\ProgramData\Microsoft:0gUAintNrt3YwSAP8E7w5IMsLY7
@Alternate Data Stream - 1223 bytes -> C:\ProgramData\Microsoft:7pkwkb2Frp5TvCGDejtV83i5N
@Alternate Data Stream - 1183 bytes -> C:\ProgramData\Microsoft:HOojxnwwQcS8b9ik
@Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft:tBjBEaMwUv9y8pAjOFGPcO7SeiL7
< End of report >
         
--- --- ---

Hijack This

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:33:19, on 12.09.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\PreSonus\1394AudioDriver_FP10\FP10.exe
C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\explorer.exe
C:\Program Files\Opera\opera.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\Sawdust\Desktop\OTL.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sawdust\Desktop\HiJackThis204.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AVMUSBFernanschluss] C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: monmvr32.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
O4 - Global Startup: FP10 Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FP10\FP10.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/red...k-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca28ce9bf43f90) (gupdate1ca28ce9bf43f90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10619 bytes
         
--- --- ---

And Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4600

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

12.09.2010 17:30:44
mbam-log-2010-09-12 (17-30-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145224
Laufzeit: 6 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\System32\Complder.dll (Trojan.PWS.Gen) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\Complder.dll (Trojan.PWS.Gen) -> No action taken.
C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monmvr32.exe (Trojan.Downloader) -> No action taken.
C:\Windows\system32\Drivers\ukwbl.sys (Rootkit.Bubnix) -> No action taken.
C:\Users\Sawdust\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.





Is that it for my system, or can something still be done? I depend heavily on the programs on this computer! =( Thanks to everyone who helps me, I really, really appreciate it!

Best regards

Alt 13.09.2010, 13:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Alt 14.09.2010, 18:07   #3
Sawdust
 



OK, here is the log from the full scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4608

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

14.09.2010 19:03:54
mbam-log-2010-09-14 (19-03-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 351364
Laufzeit: 2 Stunde(n), 43 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Sawdust\AppData\Local\Opera\Opera\cache\g_001A\opr03L27.tmp (Trojan.Dropper.PGen) -> No action taken.
C:\Windows\System32\drivers\ukwbl.sys (Rootkit.Bubnix) -> No action taken.


I had fixed the findings during the first scan, which is why only these two are left now.
I hope you can help me! =(

Alt 14.09.2010, 18:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Did you remove the findings?

Alt 14.09.2010, 18:18   #5
Sawdust
 



No, not this time. The rootkit apparently can't be removed this way, since it was there during the first scan too.

EDIT: I still have the program open and can remove them if I should.


Last edited by Sawdust (14.09.2010 at 18:28)

Alt 14.09.2010, 18:33   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, please always delete all findings with Malwarebytes.
Afterwards make a new OTL log (OTL.txt)

Old 14.09.2010, 19:26   #7
Sawdust

Ok, the rootkit is still there. The rest is clean! And there's no error message at startup any more.

Here is the OTL log:
Code:
OTL logfile created on: 14.09.2010 20:20:57 - Run 2
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\Sawdust\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 5,16 Gb Free Space | 3,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 145,97 Gb Total Space | 19,80 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SAWDUSTMOBIL
Current User Name: Sawdust
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
PRC - [2010.04.29 12:19:18 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ6.5\ICQ.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.06.25 09:05:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.04.26 15:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.22 11:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008.04.18 19:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008.04.17 10:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008.04.14 23:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.03.31 19:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008.01.21 04:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007.12.11 04:59:40 | 000,307,200 | ---- | M] (Team H2O) -- C:\Programme\Syncrosoft\POS\H2O\cledx.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.10.10 17:36:42 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Programme\PreSonus\1394AudioDriver_FP10\FP10.exe
PRC - [2007.10.10 17:28:48 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Programme\PreSonus\1394AudioDriver_FirePod\FirePod.exe
PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
MOD - [2008.01.21 04:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:24:11 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0867D.tmp -- (yjboizih)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0BF19.tmp -- (vhvumskf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\08803.tmp -- (tmybvqlj)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\09819.tmp -- (luiznhmes)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0273E.tmp -- (kavdhnkn)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys -- (EraserUtilDrv10920)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\emusba10.sys -- (emusba10)
DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.12.10 12:55:15 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.19 23:52:54 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.23 23:35:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2008.12.04 03:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.09.08 13:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008.07.18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.06.20 06:37:06 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.06.12 12:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.23 17:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.15 04:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.04.04 11:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008.03.25 13:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 11:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.04 19:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.29 18:58:56 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.09 17:32:24 | 000,123,440 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pae_1394.sys -- (pae_1394)
DRV - [2007.10.09 17:32:24 | 000,051,248 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pae_avs.sys -- (pae_avs)
DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.08.29 15:50:46 | 000,039,296 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224Wdm.sys -- (Us224WdmService)
DRV - [2007.08.29 15:50:34 | 000,018,176 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224DL.sys -- (US224DL)
DRV - [2007.08.29 15:50:02 | 000,150,272 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224.sys -- (US224)
DRV - [2007.08.07 06:26:14 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.08.02 09:52:50 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.08.02 09:51:18 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.08.02 09:51:08 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.04.09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe File not found
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\AutoRun\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\open\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: icachone - (C:\Windows\system32\Complder.dll) - C:\Windows\System32\Complder.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.12 17:32:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
[2010.09.12 17:23:01 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\Malwarebytes
[2010.09.12 17:22:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.12 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.12 17:22:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.12 17:22:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.12 17:18:23 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
[2010.09.12 17:15:28 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Sawdust\Desktop\mbam-setup.exe
[2010.09.09 19:59:40 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\INRES.DLL
[2010.09.09 19:59:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
[2010.09.04 17:40:23 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\Final_4-4
[2010.09.04 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\Final_3-4
[2010.09.04 17:40:16 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\Final_2-4
[2010.09.04 17:40:12 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\Final_1-4
[2010.09.01 11:48:31 | 000,000,000 | ---D | C] -- C:\Programme\TransMac
[2010.09.01 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\tranmak_7.5
[2010.08.26 11:12:37 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\Trillium Lane
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Local\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010.08.26 10:49:15 | 000,000,000 | ---D | C] -- C:\Programme\InterLok
[2010.08.26 10:43:40 | 000,630,784 | ---- | C] (PACE Anti-Piracy) -- C:\Windows\System32\ilinet.dll
[2010.08.26 10:43:37 | 000,097,808 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\System32\drivers\Dalwdm.sys
[2010.08.26 10:43:37 | 000,016,400 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\System32\drivers\diginet.sys
[2010.08.02 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Documents\Nero
[2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System32\RCCOLLAB.DLL
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.14 20:22:12 | 002,883,584 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT
[2010.09.14 20:21:55 | 000,585,504 | ---- | M] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.14 20:21:20 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.14 20:15:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.14 19:42:46 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.09.14 19:42:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 19:42:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 19:42:37 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.14 19:42:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.14 19:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.14 19:42:30 | 3077,451,776 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.14 19:41:09 | 000,524,288 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 19:41:09 | 000,065,536 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.09.14 19:41:07 | 002,729,601 | -H-- | M] () -- C:\Users\Sawdust\AppData\Local\IconCache.db
[2010.09.12 17:32:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
[2010.09.12 17:22:57 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
[2010.09.12 17:15:54 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Sawdust\Desktop\mbam-setup.exe
[2010.09.11 22:01:18 | 000,000,008 | ---- | M] () -- C:\Windows\System32\mssrv32.vxd
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2010.09.11 22:00:42 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2010.09.11 22:00:42 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2010.09.11 17:24:49 | 000,000,024 | ---- | M] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
[2010.09.09 19:59:08 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.09 19:59:07 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.09 19:59:07 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.09 19:59:07 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.09 19:59:07 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.06 21:56:24 | 312,018,752 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.06 17:51:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010.09.01 11:48:32 | 000,000,809 | ---- | M] () -- C:\Users\Sawdust\Desktop\TransMac.lnk
[2010.09.01 11:47:07 | 001,873,596 | ---- | M] () -- C:\Users\Sawdust\Desktop\tranmak_7.5.rar
[2010.08.26 11:35:26 | 000,101,064 | ---- | M] () -- C:\Users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.26 11:34:11 | 000,376,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.23 15:55:07 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\msocreg32.dat
[2010.07.28 23:58:29 | 000,077,312 | ---- | M] () -- C:\Users\Sawdust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2010.09.12 17:22:57 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 17:25:36 | 000,585,504 | ---- | C] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.11 17:24:34 | 000,000,024 | ---- | C] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
[2010.09.06 17:51:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010.09.01 11:48:32 | 000,000,809 | ---- | C] () -- C:\Users\Sawdust\Desktop\TransMac.lnk
[2010.09.01 11:47:07 | 001,873,596 | ---- | C] () -- C:\Users\Sawdust\Desktop\tranmak_7.5.rar
[2010.08.26 10:43:38 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2010.08.01 21:48:17 | 000,000,013 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.09.13 16:36:43 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2009.07.30 14:15:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.30 12:33:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.09 11:28:17 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.11 16:32:08 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.06.01 11:27:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009.05.20 00:17:07 | 000,000,419 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.05.17 14:00:18 | 000,001,356 | ---- | C] () -- C:\Users\Sawdust\AppData\Local\d3d9caps.dat
[2009.05.07 16:38:09 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.05.01 23:10:53 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.01 23:10:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.04.29 13:39:47 | 000,491,520 | ---- | C] () -- C:\Windows\System32\libencdec.dll
[2009.04.23 23:40:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2009.04.23 23:35:26 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.04.23 23:20:16 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009.04.23 23:15:46 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009.04.22 21:56:01 | 000,077,312 | ---- | C] () -- C:\Users\Sawdust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.26 08:16:28 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.25 23:09:53 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.08.25 23:09:52 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.08.25 23:09:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.08.25 23:09:52 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.25 23:07:26 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.08.25 23:04:38 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.08.25 23:04:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2009.10.10 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Antares Design
[2009.04.29 13:39:47 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Audio Ease
[2009.08.12 17:56:44 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Canneverbe_Limited
[2009.06.01 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Canon
[2009.04.23 23:49:19 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\DAEMON Tools Lite
[2009.05.25 10:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\ePaperPress
[2010.09.11 17:42:05 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\ICQ
[2009.04.22 09:23:33 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Opera
[2010.08.26 11:10:51 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\PACE Anti-Piracy
[2009.07.19 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Propellerhead Software
[2009.04.23 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Steinberg
[2009.05.27 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Toshiba
[2010.08.26 11:12:37 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Trillium Lane
[2010.09.14 19:41:12 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:94B1D287B21E9A83
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Xí:ˆácpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\,ð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nw²wNwºÔIvØôVpctlsp.log
@Alternate Data Stream - 1374 bytes -> C:\ProgramData\Microsoft:7EvseLvdLbmzATL9
@Alternate Data Stream - 1360 bytes -> C:\Users\Sawdust\AppData\Local\Temp:5z6STY7n3QGFJSNMD
@Alternate Data Stream - 1292 bytes -> C:\Users\Sawdust\AppData\Local\Temp:v9Sl0NtmUrjY9oGGBo9V
@Alternate Data Stream - 1274 bytes -> C:\Program Files\Common Files\microsoft shared:GpKA9BXuOZ6ZBpA1iHHV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 1232 bytes -> C:\ProgramData\Microsoft:0gUAintNrt3YwSAP8E7w5IMsLY7
@Alternate Data Stream - 1223 bytes -> C:\ProgramData\Microsoft:7pkwkb2Frp5TvCGDejtV83i5N
@Alternate Data Stream - 1183 bytes -> C:\ProgramData\Microsoft:HOojxnwwQcS8b9ik
@Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft:tBjBEaMwUv9y8pAjOFGPcO7SeiL7
< End of report >

Alt 14.09.2010, 20:42   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0867D.tmp -- (yjboizih)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0BF19.tmp -- (vhvumskf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\08803.tmp -- (tmybvqlj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\09819.tmp -- (luiznhmes)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0273E.tmp -- (kavdhnkn)
O4 - HKLM..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\AutoRun\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\open\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O36 - AppCertDlls: icachone - (C:\Windows\system32\Complder.dll) - C:\Windows\System32\Complder.dll File not found
[2010.09.14 20:21:55 | 000,585,504 | ---- | M] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.11 22:01:18 | 000,000,008 | ---- | M] () -- C:\Windows\System32\mssrv32.vxd
[2010.09.11 22:01:18 | 000,000,008 | ---- | M] () -- C:\Windows\System32\mssrv32.vxd
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2010.09.11 22:00:42 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2010.09.11 22:00:42 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2010.09.11 17:24:49 | 000,000,024 | ---- | M] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
@Alternate Data Stream - 24 bytes -> C:\Windows:94B1D287B21E9A83
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Xí:ˆácpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\,ð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nw²�wNwºÔIvØôVpctlsp.log
@Alternate Data Stream - 1374 bytes -> C:\ProgramData\Microsoft:7EvseLvdLbmzATL9
@Alternate Data Stream - 1360 bytes -> C:\Users\Sawdust\AppData\Local\Temp:5z6STY7n3QGFJSNMD
@Alternate Data Stream - 1292 bytes -> C:\Users\Sawdust\AppData\Local\Temp:v9Sl0NtmUrjY9oGGBo9V
@Alternate Data Stream - 1274 bytes -> C:\Program Files\Common Files\microsoft shared:GpKA9BXuOZ6ZBpA1iHHV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 1232 bytes -> C:\ProgramData\Microsoft:0gUAintNrt3YwSAP8E7w5IMsLY7
@Alternate Data Stream - 1223 bytes -> C:\ProgramData\Microsoft:7pkwkb2Frp5TvCGDejtV83i5N
@Alternate Data Stream - 1183 bytes -> C:\ProgramData\Microsoft:HOojxnwwQcS8b9ik
@Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft:tBjBEaMwUv9y8pAjOFGPcO7SeiL7
:Files
C:\Program Files\Advanced Invisible Keylogger

:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.


After that, please do the following, because I need OTL's quarantine folder:

1.) VERY IMPORTANT!! Disable the virus scanner, it must not interfere with this!
2.) Zip the folder C:\_OTL into a file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know when it succeeded
5.) Only then turn the virus scanner back on
__________________
Please always post logfiles in CODE tags
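The fix list in the post above is assembled by hand from the OTL report: driver services whose .tmp file is gone, a dangling Run key, MountPoints2 autorun commands, an AppCertDlls entry, a freshly modified driver with no company information, and alternate data streams with generated-looking names. The Python script below is an added example, not code from OTL, from the helper or from this forum. It makes that first pass automatically over lines in OTL's report format and only proposes entries for a human to review; it deletes nothing. The sample lines are taken from the reports quoted in this thread (plus two benign ones as negatives); the category names and the "eight or more alphanumerics, no extension" heuristic for stream names are my own assumptions.

```python
"""Triage of OTL report lines into the categories a helper pulls into an :OTL fix.

Added example for this thread; it is not OTL's or Trojaner-Board's own code.
Category names and the "8+ alphanumerics" stream heuristic are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    category: str   # kind of persistence or artefact the line indicates
    path: str       # file, stream or command the line points at
    line: str       # original report line, kept for the write-up


# One pattern per OTL line type of interest; lines that match nothing are ignored.
DRV_MISSING = re.compile(r"^DRV - File not found \[[^\]]+\] -- (?P<path>.+?) -- \((?P<svc>[^)]+)\)$")
RUN_KEY = re.compile(r"^O4 - \w+\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
MOUNTPOINT = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\\w+\\command - "" = (?P<cmd>.+)$')
APPCERT = re.compile(r"^O36 - AppCertDlls: (?P<name>\S+) - \([^)]*\) - (?P<path>.+)$")
FILE_ENTRY = re.compile(r"^\[[\d.]+ [\d:]+ \| [\d,]+ \| [-A-Z]{4} \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
RANDOM_STREAM = re.compile(r"^[A-Za-z0-9]{8,}$")   # heuristic: no dot/extension, looks generated


def triage(report: str) -> List[Finding]:
    """Return the report lines a helper would review, tagged by category."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DRV_MISSING.match(line):
            # Kernel service pointing at a deleted .tmp: leftover loader of a dropped driver.
            findings.append(Finding("orphaned-driver-service", m["path"], line))
        elif m := RUN_KEY.match(line):
            # Run keys are common; only a dangling target is worth listing automatically.
            if m["cmd"].endswith("File not found"):
                findings.append(Finding("run-key-dangling", m["cmd"], line))
        elif m := MOUNTPOINT.match(line):
            # Per-device autorun command under MountPoints2 (removable-media spread).
            findings.append(Finding("removable-media-autorun", m["cmd"], line))
        elif m := APPCERT.match(line):
            # AppCertDlls are loaded into every process that calls CreateProcess.
            findings.append(Finding("appcertdlls-injection", m["path"], line))
        elif m := FILE_ENTRY.match(line):
            # A driver file with no company/version information is the classic dropped-driver sign.
            if "\\drivers\\" in m["path"].lower() and not m["company"].strip():
                findings.append(Finding("unattributed-driver-file", m["path"], line))
        elif m := ADS.match(line):
            if RANDOM_STREAM.match(m["stream"]):
                findings.append(Finding("suspicious-ads", f'{m["path"]}:{m["stream"]}', line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


# Sample input: lines copied from the OTL reports quoted in this thread, plus
# two benign ones (mbam.sys, the plain "Shell = AutoRun" line) as negatives.
SAMPLE_REPORT = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0867D.tmp -- (yjboizih)
O4 - HKLM..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe File not found
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\AutoRun\command - "" = GORDANA/lakicka.exe
O36 - AppCertDlls: icachone - (C:\Windows\system32\Complder.dll) - C:\Windows\System32\Complder.dll File not found
[2010.09.14 20:21:55 | 000,585,504 | ---- | M] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.12 17:22:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.11 22:01:18 | 000,000,008 | ---- | M] () -- C:\Windows\System32\mssrv32.vxd
@Alternate Data Stream - 24 bytes -> C:\Windows:94B1D287B21E9A83
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1374 bytes -> C:\ProgramData\Microsoft:7EvseLvdLbmzATL9
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.category:28} {f.path}")
    print(summarize(triage(SAMPLE_REPORT)))
```

Two deliberate limits keep the output reviewable: a Run key whose target still exists is not listed (far too many legitimate ones), and the unattributed-file rule only fires under a `\drivers\` directory, so the tiny `mssrv32.vxd` and `Datei*` files from the report still have to be picked out by eye, as the helper did above.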

Alt 14.09.2010, 21:17   #9
Sawdust
 
OK, I have uploaded the zip!

Here is the OTL logfile:

All processes killed
========== OTL ==========
Service yjboizih stopped successfully!
Service yjboizih deleted successfully!
File C:\Windows\System32\0867D.tmp not found.
Service vhvumskf stopped successfully!
Service vhvumskf deleted successfully!
File C:\Windows\System32\0BF19.tmp not found.
Service tmybvqlj stopped successfully!
Service tmybvqlj deleted successfully!
File C:\Windows\System32\08803.tmp not found.
Service luiznhmes stopped successfully!
Service luiznhmes deleted successfully!
File C:\Windows\System32\09819.tmp not found.
Service kavdhnkn stopped successfully!
Service kavdhnkn deleted successfully!
File C:\Windows\System32\0273E.tmp not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\win32dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
C:\Programme\ICQ6.5\ICQ.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
File C:\Programme\ICQ6.5\ICQ.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d301273-5ea3-11df-a797-00037a9b6493}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d301273-5ea3-11df-a797-00037a9b6493}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d3012d1-5ea3-11df-a797-00037a9b6493}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d3012d1-5ea3-11df-a797-00037a9b6493}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ec359b1-5112-11df-8fbd-00037a9b6493}\ not found.
File GORDANA/lakicka.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ec359b1-5112-11df-8fbd-00037a9b6493}\ not found.
File GORDANA/lakicka.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0f48e4-304e-11de-81c3-00238b42cebd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0f48e4-304e-11de-81c3-00238b42cebd}\ not found.
File D:\Launch.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\icachone:C:\Windows\system32\Complder.dll deleted successfully.
File C:\Windows\System32\drivers\ukwbl.sys not found.
C:\Windows\System32\mssrv32.vxd moved successfully.
File C:\Windows\System32\mssrv32.vxd not found.
C:\Windows\System32\Datei4 moved successfully.
C:\Windows\System32\Datei2 moved successfully.
C:\Windows\System32\Datei3 moved successfully.
C:\Windows\System32\Datei1 moved successfully.
C:\Windows\System32\Datei7 moved successfully.
C:\Windows\System32\Datei5 moved successfully.
C:\Windows\System32\Datei0 moved successfully.
C:\Windows\System32\Datei9 moved successfully.
C:\Windows\System32\Datei8 moved successfully.
C:\Windows\System32\Datei10 moved successfully.
C:\Windows\System32\Datei6 moved successfully.
C:\Users\Sawdust\AppData\Roaming\apiqfw.dat moved successfully.
ADS C:\Windows:94B1D287B21E9A83 deleted successfully.
ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully.
ADS C:\Windows\System32\Xí:ˆácpctlsp.log deleted successfully.
ADS C:\Windows\System32\,ð:pctlsp.log deleted successfully.
Unable to delete ADS C:\Windows\System32:Nw²�wNwºÔIvØôVpctlsp.log .
ADS C:\ProgramData\Microsoft:7EvseLvdLbmzATL9 deleted successfully.
ADS C:\Users\Sawdust\AppData\Local\Temp:5z6STY7n3QGFJSNMD deleted successfully.
ADS C:\Users\Sawdust\AppData\Local\Temp:v9Sl0NtmUrjY9oGGBo9V deleted successfully.
ADS C:\Program Files\Common Files\microsoft shared:GpKA9BXuOZ6ZBpA1iHHV deleted successfully.
ADS C:\ProgramData\TEMP:1CA73D29 deleted successfully.
ADS C:\ProgramData\Microsoft:0gUAintNrt3YwSAP8E7w5IMsLY7 deleted successfully.
ADS C:\ProgramData\Microsoft:7pkwkb2Frp5TvCGDejtV83i5N deleted successfully.
ADS C:\ProgramData\Microsoft:HOojxnwwQcS8b9ik deleted successfully.
ADS C:\ProgramData\Microsoft:tBjBEaMwUv9y8pAjOFGPcO7SeiL7 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Advanced Invisible Keylogger not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sawdust
->Temp folder emptied: 1155107356 bytes
->Temporary Internet Files folder emptied: 1701641 bytes
->Java cache emptied: 78482157 bytes
->Google Chrome cache emptied: 5946645 bytes
->Opera cache emptied: 251851880 bytes
->Flash cache emptied: 112928 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6643346710 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 37982 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25494460 bytes
RecycleBin emptied: 2502669639 bytes

Total Files Cleaned = 10.171,00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09142010_220753

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 14.09.2010, 21:46   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 14.09.2010, 22:23   #11
Sawdust
 
Oh man, silly me, I accidentally started it when I wanted to rename it!
Naturally before I could follow the other steps. But here is the logfile that came out of it:

ComboFix logfile:
Code:
ComboFix 10-09-14.01 - Sawdust 14.09.2010  23:08:21.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6001.1.1252.49.1031.18.2936.2115 [GMT 2:00]
ausgeführt von:: c:\users\Sawdust\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\C
c:\windows\system32\Data
c:\windows\system32\msvcsv60.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-14 bis 2010-09-14  ))))))))))))))))))))))))))))))
.

2010-09-14 20:07 . 2010-09-14 20:07	--------	d-----w-	C:\_OTL
2010-09-12 15:23 . 2010-09-12 15:23	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\Malwarebytes
2010-09-12 15:22 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 15:22 . 2010-09-12 15:22	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-12 15:22 . 2010-09-12 15:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-12 15:22 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-09 17:59 . 2007-11-26 13:07	11776	----a-w-	c:\windows\INRES.DLL
2010-09-01 09:48 . 2010-09-01 09:48	--------	d-----w-	c:\program files\TransMac
2010-08-26 09:12 . 2010-08-26 09:12	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\Trillium Lane
2010-08-26 09:06 . 2010-08-26 09:10	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:10	--------	d-----w-	c:\programdata\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06	--------	d-----w-	c:\users\Sawdust\AppData\Local\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06	--------	d-----w-	c:\program files\Common Files\PACE Anti-Piracy
2010-08-26 08:49 . 2010-08-26 08:49	--------	d-----w-	c:\program files\InterLok
2010-08-17 09:52 . 2010-08-17 09:52	--------	d-----w-	c:\programdata\Syncrosoft

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 21:01 . 2009-11-16 14:15	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\Skype
2010-09-14 20:07 . 2009-04-22 07:54	--------	d-----w-	c:\program files\ICQ6.5
2010-09-11 15:42 . 2009-04-22 07:54	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\ICQ
2010-09-09 17:59 . 2008-08-25 21:09	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-09 17:59 . 2008-01-21 08:31	621952	----a-w-	c:\windows\system32\perfh007.dat
2010-09-09 17:59 . 2008-01-21 08:31	123852	----a-w-	c:\windows\system32\perfc007.dat
2010-09-06 15:51 . 2010-09-06 15:51	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-08-26 09:35 . 2009-04-21 16:12	101064	----a-w-	c:\users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-26 09:33 . 2009-04-23 21:17	--------	d-----w-	c:\program files\Digidesign
2010-08-26 09:30 . 2009-05-10 14:30	--------	d-----w-	c:\program files\Common Files\Digidesign
2010-08-23 13:55 . 2009-04-22 07:17	--------	d-----w-	c:\program files\Opera
2010-08-20 15:40 . 2009-04-23 21:40	32	----a-w-	c:\windows\msocreg32.dat
2010-08-01 19:48 . 2010-07-25 23:19	--------	d-----w-	c:\programdata\PopCap Games
2010-08-01 19:48 . 2010-08-01 19:48	13	----a-w-	c:\windows\popcinfo.dat
2010-08-01 18:47 . 2010-07-25 22:50	--------	d-----w-	c:\program files\Popcap Game Collection
2010-07-28 21:58 . 2009-05-26 08:13	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\dvdcss
2010-07-25 22:38 . 2010-07-25 22:38	--------	d-----w-	c:\program files\7-Zip
2009-04-15 20:24 . 2009-04-15 20:24	1044480	----a-w-	c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24	200704	----a-w-	c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AVMUSBFernanschluss"="c:\users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe" [2009-05-19 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NDSTray.exe"="NDSTray.exe" [BU]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

c:\users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2009-4-24 1126400]
FP10 Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FP10\FP10.exe [2009-5-3 1126400]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate1ca28ce9bf43f90;Google Update Service (gupdate1ca28ce9bf43f90);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 97808]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [x]
R3 EraserUtilDrv10920;EraserUtilDrv10920;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 US224;US224 Driver;c:\windows\system32\Drivers\US224.sys [2007-08-29 150272]
R3 US224DL;US224 Firmware Downloader;c:\windows\system32\Drivers\US224DL.sys [2007-08-29 18176]
R3 Us224WdmService;US224 Wdm Audio;c:\windows\system32\Drivers\US224Wdm.sys [2007-08-29 39296]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [x]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-23 721904]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2009-05-19 101248]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ukwbl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
bjsbhgm
jpkaepi
kniuhdrlg
.
Inhalt des "geplante Tasks" Ordners

2010-09-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 08:25]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-DigidesignMMERefresh - c:\program files\Digidesign\Drivers\MMERefresh.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-LingvoSoft Professional Suite 2008 English<->German for Pocket PC - c:\program files\LingvoSoft\LingvoSoft Professional Suite 2008 English-German for Pocket PC\Uninstall.exe
AddRemove-PreSonus 1394 Audio Driver v2.46 (FirePod) Setup - c:\program files\PreSonus\1394AudioDriver_FirePod\uninst.exe Software\PreSonus\1394AudioDriver_FirePod\Setup
AddRemove-PreSonus 1394 Audio Driver v2.46 (FP10) Setup - c:\program files\PreSonus\1394AudioDriver_FP10\uninst.exe Software\PreSonus\1394AudioDriver_FP10\Setup



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-14 23:16
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ukwbl]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-14  23:18:41
ComboFix-quarantined-files.txt  2010-09-14 21:18

Vor Suchlauf: 13 Verzeichnis(se), 14.945.976.320 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 14.657.269.760 Bytes frei

- - End Of File - - 9A7B15A94C3BB920F3B90FC43931EA5F
         
--- --- ---


Maybe that already helped. Otherwise, please tell me whether I should carry out the recommended steps once more. I didn't want to do it again on my own initiative right now.

15.09.2010, 10:30   #12
Sawdust



OK, I ran CCleaner + ComboFix again as described.
This is the log file:

ComboFix log file:
Code:
ATTFilter
ComboFix 10-09-14.02 - Sawdust 15.09.2010  11:06:37.2.2 - x86
Microsoft® Windows Vista™ Business   6.0.6001.1.1252.49.1031.18.2936.1790 [GMT 2:00]
ausgeführt von:: c:\users\Sawdust\Desktop\cofi.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-15 bis 2010-09-15  ))))))))))))))))))))))))))))))
.

2010-09-15 09:11 . 2010-09-15 09:11	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-09-15 09:11 . 2010-09-15 09:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-15 07:56 . 2010-09-15 07:56	--------	d-----w-	c:\program files\CCleaner
2010-09-14 21:18 . 2010-09-15 09:11	--------	d-----w-	c:\users\Sawdust\AppData\Local\temp
2010-09-14 21:01 . 2010-09-14 21:18	--------	d-----w-	C:\ComboFix
2010-09-14 20:07 . 2010-09-14 20:07	--------	d-----w-	C:\_OTL
2010-09-12 15:23 . 2010-09-12 15:23	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\Malwarebytes
2010-09-12 15:22 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 15:22 . 2010-09-12 15:22	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-12 15:22 . 2010-09-12 15:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-12 15:22 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-09 17:59 . 2007-11-26 13:07	11776	----a-w-	c:\windows\INRES.DLL
2010-09-01 09:48 . 2010-09-01 09:48	--------	d-----w-	c:\program files\TransMac
2010-08-26 09:12 . 2010-08-26 09:12	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\Trillium Lane
2010-08-26 09:06 . 2010-08-26 09:10	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:10	--------	d-----w-	c:\programdata\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06	--------	d-----w-	c:\users\Sawdust\AppData\Local\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06	--------	d-----w-	c:\program files\Common Files\PACE Anti-Piracy
2010-08-26 08:49 . 2010-08-26 08:49	--------	d-----w-	c:\program files\InterLok
2010-08-17 09:52 . 2010-08-17 09:52	--------	d-----w-	c:\programdata\Syncrosoft

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 06:10 . 2009-11-16 14:15	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\Skype
2010-09-14 20:07 . 2009-04-22 07:54	--------	d-----w-	c:\program files\ICQ6.5
2010-09-11 15:42 . 2009-04-22 07:54	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\ICQ
2010-09-09 17:59 . 2008-08-25 21:09	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-09 17:59 . 2008-01-21 08:31	621952	----a-w-	c:\windows\system32\perfh007.dat
2010-09-09 17:59 . 2008-01-21 08:31	123852	----a-w-	c:\windows\system32\perfc007.dat
2010-09-06 15:51 . 2010-09-06 15:51	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-08-26 09:35 . 2009-04-21 16:12	101064	----a-w-	c:\users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-26 09:33 . 2009-04-23 21:17	--------	d-----w-	c:\program files\Digidesign
2010-08-26 09:30 . 2009-05-10 14:30	--------	d-----w-	c:\program files\Common Files\Digidesign
2010-08-23 13:55 . 2009-04-22 07:17	--------	d-----w-	c:\program files\Opera
2010-08-20 15:40 . 2009-04-23 21:40	32	----a-w-	c:\windows\msocreg32.dat
2010-08-01 19:48 . 2010-07-25 23:19	--------	d-----w-	c:\programdata\PopCap Games
2010-08-01 19:48 . 2010-08-01 19:48	13	----a-w-	c:\windows\popcinfo.dat
2010-08-01 18:47 . 2010-07-25 22:50	--------	d-----w-	c:\program files\Popcap Game Collection
2010-07-28 21:58 . 2009-05-26 08:13	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\dvdcss
2010-07-25 22:38 . 2010-07-25 22:38	--------	d-----w-	c:\program files\7-Zip
2009-04-15 20:24 . 2009-04-15 20:24	1044480	----a-w-	c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24	200704	----a-w-	c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-09-14_21.16.19   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-15 06:13	65320              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-21 16:13 . 2010-09-15 06:13	15748              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3003140569-26490700-2488630799-1000_UserData.bin
- 2009-04-21 16:12 . 2010-09-14 18:21	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-21 16:12 . 2010-09-15 07:56	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 07:56 . 2010-09-15 07:56	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-21 16:12 . 2010-09-15 07:56	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-21 16:12 . 2010-09-14 18:21	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 06:09 . 2010-09-15 06:09	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-14 21:02 . 2010-09-14 21:02	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-14 21:02 . 2010-09-14 21:02	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-15 06:09 . 2010-09-15 06:09	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-21 16:37 . 2010-09-15 08:52	901478              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-09-15 06:13	154970              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:22 . 2010-09-15 07:36	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2010-06-23 01:46	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-04-21 16:37 . 2010-09-14 22:23	2325696              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-04-21 16:37 . 2010-09-14 21:01	2325696              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-15 09:03 . 2010-09-15 09:03	6328320              c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-05-14 16:11 . 2010-09-15 07:37	168702297              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AVMUSBFernanschluss"="c:\users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe" [2009-05-19 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NDSTray.exe"="NDSTray.exe" [BU]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

c:\users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2009-4-24 1126400]
FP10 Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FP10\FP10.exe [2009-5-3 1126400]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate1ca28ce9bf43f90;Google Update Service (gupdate1ca28ce9bf43f90);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 97808]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [x]
R3 EraserUtilDrv10920;EraserUtilDrv10920;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 US224;US224 Driver;c:\windows\system32\Drivers\US224.sys [2007-08-29 150272]
R3 US224DL;US224 Firmware Downloader;c:\windows\system32\Drivers\US224DL.sys [2007-08-29 18176]
R3 Us224WdmService;US224 Wdm Audio;c:\windows\system32\Drivers\US224Wdm.sys [2007-08-29 39296]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [x]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-23 721904]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2009-05-19 101248]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ukwbl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
bjsbhgm
jpkaepi
kniuhdrlg
.
Inhalt des "geplante Tasks" Ordners

2010-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 08:25]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-15 11:11
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ukwbl]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4248)
c:\program files\Common Files\Nero\DSFilter\NeFLVSplitter.ax
c:\program files\Common Files\Nero\DSFilter\NeVideo.ax
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\program files\Common Files\Nero\DSFilter\NeResize.ax
c:\program files\Common Files\Nero\DSFilter\NeMP4Splitter.ax
c:\program files\Common Files\Nero\DSFilter\NeSplitter.ax
.
Zeit der Fertigstellung: 2010-09-15  11:13:55
ComboFix-quarantined-files.txt  2010-09-15 09:13
ComboFix2.txt  2010-09-14 21:18

Vor Suchlauf: 18 Verzeichnis(se), 15.249.391.616 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 14.996.619.264 Bytes frei

- - End Of File - - 87BD81401A34572AD935B74EAA6C9AE2
         
--- --- ---

15.09.2010, 12:08   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ukwbl]

NetSvc::
bjsbhgm
jpkaepi
kniuhdrlg
         
3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post log files in CODE tags
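The two artefacts the CFScript above targets, the driver that is in memory but marked *Deregistered* (ukwbl) and the three NetSvcs group entries with random-looking names, can be pulled out of a ComboFix log automatically so an analyst can review them before deciding on any action. The following is an added example, not code from this thread, the forum, or ComboFix. It embeds the relevant lines of the posted log as a constructed sample, assumes a small illustrative allowlist of service names that legitimately sit in the netsvcs svchost group (the real group on a given machine is larger and should be taken from a known-clean reference system), and only reports findings; it never writes or runs a removal script.

```python
"""Triage helper for ComboFix-style logs (added example; not code from the
thread, the forum, or ComboFix).  It pulls out the artefacts an analyst wants
to look at before writing anything like a CFScript: drivers that are loaded
but *Deregistered*, svchost NetSvcs group entries that match no known service
name, and services whose file ComboFix could not find ([x]).  It only reports;
it does not generate or run any removal action."""
import re

# Constructed sample: the relevant lines of the posted log, embedded so the
# script runs offline.  Raw string, so the Windows backslashes survive.
SAMPLE_LOG = r"""
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R3 US224;US224 Driver;c:\windows\system32\Drivers\US224.sys [2007-08-29 150272]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ukwbl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ    PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
bjsbhgm
jpkaepi
kniuhdrlg
.
Inhalt des "geplante Tasks" Ordners
"""

# Assumption: a small illustrative allowlist of service names that legitimately
# live in the netsvcs svchost group on Vista.  A real deployment would dump the
# group from a known-clean reference machine instead.
KNOWN_NETSVCS = {n.lower() for n in (
    "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "Dhcp", "Dnscache",
    "EventSystem", "LanmanServer", "LanmanWorkstation", "Netman", "Nla",
    "Schedule", "SENS", "SharedAccess", "ShellHWDetection", "Themes", "TrkWks",
    "W32Time", "winmgmt", "wuauserv", "Wlansvc",
)}

# "R0 name;description;path [date size]" or "... [x]" when the file is missing.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.+)\]\s*$")
DEREG_RE = re.compile(r"^\*Deregistered\*\s+-\s+(\S+)\s*$")
NETSVCS_HEADER = "- NetSvcs"


def parse_services(text):
    """Return the R*/S* service and driver entries as dicts."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            start, name, _desc, path, info = m.groups()
            services.append({"start": start, "name": name.strip(),
                             "path": path.strip(), "file_present": info != "x"})
    return services


def find_deregistered(text):
    """Names in the 'other services/drivers in memory' block marked *Deregistered*."""
    return [m.group(1) for m in map(DEREG_RE.match, text.splitlines()) if m]


def find_netsvcs(text):
    """Entries listed under the NetSvcs group header, up to the '.' terminator."""
    names, in_block = [], False
    for line in text.splitlines():
        if line.rstrip().endswith(NETSVCS_HEADER):
            in_block = True
            continue
        if in_block:
            entry = line.strip()
            if not entry or entry == ".":
                break
            names.append(entry)
    return names


def triage(text):
    """Return (severity, message) findings for an analyst to review."""
    findings = []
    for name in find_deregistered(text):
        findings.append(("HIGH", f"driver '{name}' is in memory but has no registered service entry"))
    for name in find_netsvcs(text):
        if name.lower() not in KNOWN_NETSVCS:
            findings.append(("HIGH", f"NetSvcs entry '{name}' matches no known service name"))
    for svc in parse_services(text):
        if not svc["file_present"]:
            findings.append(("LOW", f"{svc['start']} service '{svc['name']}' points to a missing file: {svc['path']}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run against the sample this reports the deregistered driver and all three NetSvcs names as HIGH and the orphaned TfFsMon entry as LOW. Missing-file entries are deliberately rated low: leftovers from uninstalled security software (TfFsMon, TfSysMon, pctplsg in the posted log) look exactly the same as a cleaned-up dropper, so they are context for the analyst, not a verdict.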

15.09.2010, 12:30   #14
Sawdust



Wow, thanks for your help!!!!

I hope it helped:

ComboFix log file:
Code:
ATTFilter
ComboFix 10-09-14.02 - Sawdust 15.09.2010  13:19:32.3.2 - x86
Microsoft® Windows Vista™ Business   6.0.6001.1.1252.49.1031.18.2936.1839 [GMT 2:00]
ausgeführt von:: c:\users\Sawdust\Desktop\cofi.exe.exe
Benutzte Befehlsschalter :: c:\users\Sawdust\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-15 bis 2010-09-15  ))))))))))))))))))))))))))))))
.

2010-09-15 11:25 . 2010-09-15 11:25	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-09-15 11:25 . 2010-09-15 11:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-15 09:03 . 2010-09-15 09:13	--------	d-----w-	C:\cofi.exe
2010-09-15 07:56 . 2010-09-15 07:56	--------	d-----w-	c:\program files\CCleaner
2010-09-14 21:18 . 2010-09-15 11:26	--------	d-----w-	c:\users\Sawdust\AppData\Local\temp
2010-09-14 21:01 . 2010-09-14 21:18	--------	d-----w-	C:\ComboFix
2010-09-14 20:07 . 2010-09-14 20:07	--------	d-----w-	C:\_OTL
2010-09-12 15:23 . 2010-09-12 15:23	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\Malwarebytes
2010-09-12 15:22 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 15:22 . 2010-09-12 15:22	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-12 15:22 . 2010-09-12 15:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-12 15:22 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-09 17:59 . 2007-11-26 13:07	11776	----a-w-	c:\windows\INRES.DLL
2010-09-01 09:48 . 2010-09-01 09:48	--------	d-----w-	c:\program files\TransMac
2010-08-26 09:12 . 2010-08-26 09:12	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\Trillium Lane
2010-08-26 09:06 . 2010-08-26 09:10	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:10	--------	d-----w-	c:\programdata\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06	--------	d-----w-	c:\users\Sawdust\AppData\Local\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06	--------	d-----w-	c:\program files\Common Files\PACE Anti-Piracy
2010-08-26 08:49 . 2010-08-26 08:49	--------	d-----w-	c:\program files\InterLok
2010-08-17 09:52 . 2010-08-17 09:52	--------	d-----w-	c:\programdata\Syncrosoft

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 09:19 . 2009-11-16 14:15	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\Skype
2010-09-14 20:07 . 2009-04-22 07:54	--------	d-----w-	c:\program files\ICQ6.5
2010-09-11 15:42 . 2009-04-22 07:54	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\ICQ
2010-09-09 17:59 . 2008-08-25 21:09	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-09 17:59 . 2008-01-21 08:31	621952	----a-w-	c:\windows\system32\perfh007.dat
2010-09-09 17:59 . 2008-01-21 08:31	123852	----a-w-	c:\windows\system32\perfc007.dat
2010-09-06 15:51 . 2010-09-06 15:51	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-08-26 09:35 . 2009-04-21 16:12	101064	----a-w-	c:\users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-26 09:33 . 2009-04-23 21:17	--------	d-----w-	c:\program files\Digidesign
2010-08-26 09:30 . 2009-05-10 14:30	--------	d-----w-	c:\program files\Common Files\Digidesign
2010-08-23 13:55 . 2009-04-22 07:17	--------	d-----w-	c:\program files\Opera
2010-08-20 15:40 . 2009-04-23 21:40	32	----a-w-	c:\windows\msocreg32.dat
2010-08-01 19:48 . 2010-07-25 23:19	--------	d-----w-	c:\programdata\PopCap Games
2010-08-01 19:48 . 2010-08-01 19:48	13	----a-w-	c:\windows\popcinfo.dat
2010-08-01 18:47 . 2010-07-25 22:50	--------	d-----w-	c:\program files\Popcap Game Collection
2010-07-28 21:58 . 2009-05-26 08:13	--------	d-----w-	c:\users\Sawdust\AppData\Roaming\dvdcss
2010-07-25 22:38 . 2010-07-25 22:38	--------	d-----w-	c:\program files\7-Zip
2009-04-15 20:24 . 2009-04-15 20:24	1044480	----a-w-	c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24	200704	----a-w-	c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-09-14_21.16.19   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-15 09:22	65336              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-21 16:13 . 2010-09-15 09:22	15748              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3003140569-26490700-2488630799-1000_UserData.bin
- 2009-04-21 16:12 . 2010-09-14 18:21	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-21 16:12 . 2010-09-15 07:56	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 07:56 . 2010-09-15 07:56	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-21 16:12 . 2010-09-15 07:56	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-21 16:12 . 2010-09-14 18:21	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 09:19 . 2010-09-15 09:19	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-14 21:02 . 2010-09-14 21:02	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-15 09:19 . 2010-09-15 09:19	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-14 21:02 . 2010-09-14 21:02	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-21 16:37 . 2010-09-15 11:15	902094              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-09-15 09:22	154986              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 10:22 . 2010-06-23 01:46	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2010-09-15 09:17	6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-04-21 16:37 . 2010-09-14 21:01	2325696              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-04-21 16:37 . 2010-09-15 09:17	2325696              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-05-14 16:11 . 2010-09-15 07:37	168702297              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AVMUSBFernanschluss"="c:\users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe" [2009-05-19 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NDSTray.exe"="NDSTray.exe" [BU]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

c:\users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2009-4-24 1126400]
FP10 Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FP10\FP10.exe [2009-5-3 1126400]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate1ca28ce9bf43f90;Google Update Service (gupdate1ca28ce9bf43f90);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 97808]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [x]
R3 EraserUtilDrv10920;EraserUtilDrv10920;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 US224;US224 Driver;c:\windows\system32\Drivers\US224.sys [2007-08-29 150272]
R3 US224DL;US224 Firmware Downloader;c:\windows\system32\Drivers\US224DL.sys [2007-08-29 18176]
R3 Us224WdmService;US224 Wdm Audio;c:\windows\system32\Drivers\US224Wdm.sys [2007-08-29 39296]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [x]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-23 721904]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2009-05-19 101248]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ukwbl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners

2010-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 08:25]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-15 13:26
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ukwbl]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4544)
c:\program files\Common Files\Nero\DSFilter\NeFLVSplitter.ax
c:\program files\Common Files\Nero\DSFilter\NeVideo.ax
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\program files\Common Files\Nero\DSFilter\NeResize.ax
c:\program files\Common Files\Nero\DSFilter\NeMP4Splitter.ax
c:\program files\Common Files\Nero\DSFilter\NeSplitter.ax
.
Zeit der Fertigstellung: 2010-09-15  13:27:40
ComboFix-quarantined-files.txt  2010-09-15 11:27
ComboFix2.txt  2010-09-15 09:13
ComboFix3.txt  2010-09-14 21:18

Vor Suchlauf: 19 Verzeichnis(se), 13.486.977.024 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 13.451.001.856 Bytes frei

- - End Of File - - 29C6E22F71CA6D61287920A7773302F0
         
--- --- ---

15.09.2010, 14:16   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And another one with Rootkit RKIT/Agent.biiu :(



OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run the second time, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe from that folder.

If you are using Windows Vista or Windows 7, you have to run the remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are changes and, if so, in which device. Best to post everything the remover.exe outputs.
__________________
Please always post logfiles in CODE tags
