Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   And another one with rootkit RKIT/Agent.biiu :( (https://www.trojaner-board.de/90700-nochjemand-rootkit-rkit-agent-biiu.html)

Sawdust 12.09.2010 17:35

And another one with rootkit RKIT/Agent.biiu :(

Hey,

Since a reboot yesterday, my Windows Vista system has been showing the odd strange driver error message while booting. My FireWire audio devices no longer work the way they should. A scan with Antivir gave the following result:

Die Datei 'C:\Windows\System32\drivers\ukwbl.sys'
enthielt einen Virus oder unerwünschtes Programm 'RKIT/Agent.biiu' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Fehler in der ARK Library.
Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden.Mögliche Ursache: Ein an das System angeschlossenes Gerät funktioniert nicht.
.

The following log files:

OTL Logfile:
Code:

OTL logfile created on: 12.09.2010 17:38:58 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Sawdust\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 3,46 Gb Free Space | 2,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 145,97 Gb Total Space | 19,80 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAWDUSTMOBIL
Current User Name: Sawdust
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.09.12 17:32:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
PRC - [2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
PRC - [2010.08.09 15:27:06 | 000,836,464 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2010.04.29 12:19:18 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.12.10 12:55:15 | 000,470,785 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ6.5\ICQ.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.05.19 23:53:03 | 000,207,360 | ---- | M] (AVM Berlin) -- C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.04.26 15:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.22 11:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008.04.18 19:27:52 | 000,316,744 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2008.04.18 19:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008.04.17 10:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008.04.16 16:43:32 | 002,577,736 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008.04.14 23:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.03.31 19:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008.01.21 04:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008.01.09 10:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.10.10 17:36:42 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Programme\PreSonus\1394AudioDriver_FP10\FP10.exe
PRC - [2007.10.10 17:28:48 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Programme\PreSonus\1394AudioDriver_FirePod\FirePod.exe
PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
MOD - [2010.09.11 17:24:52 | 000,046,592 | -H-- | M] () -- C:\Windows\System32\Complder.dll
MOD - [2008.01.21 04:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:24:11 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0867D.tmp -- (yjboizih)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0BF19.tmp -- (vhvumskf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\08803.tmp -- (tmybvqlj)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\09819.tmp -- (luiznhmes)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0273E.tmp -- (kavdhnkn)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys -- (EraserUtilDrv10920)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\emusba10.sys -- (emusba10)
DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.12.10 12:55:15 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.19 23:52:54 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.23 23:35:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2008.12.04 03:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.09.08 13:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008.07.18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.06.20 06:37:06 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.06.12 12:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.23 17:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.15 04:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.04.04 11:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008.03.25 13:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 11:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.04 19:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.29 18:58:56 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.09 17:32:24 | 000,123,440 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pae_1394.sys -- (pae_1394)
DRV - [2007.10.09 17:32:24 | 000,051,248 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pae_avs.sys -- (pae_avs)
DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.08.29 15:50:46 | 000,039,296 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224Wdm.sys -- (Us224WdmService)
DRV - [2007.08.29 15:50:34 | 000,018,176 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224DL.sys -- (US224DL)
DRV - [2007.08.29 15:50:02 | 000,150,272 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224.sys -- (US224)
DRV - [2007.08.07 06:26:14 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.08.02 09:52:50 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.08.02 09:51:18 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.08.02 09:51:08 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.04.09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...SEA&bmod=TSEA;
IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...SEA&bmod=TSEA;
IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe File not found
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [AVMUSBFernanschluss] C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monmvr32.exe (SecureNet)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\AutoRun\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\open\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: icachone - (C:\Windows\system32\Complder.dll) - C:\Windows\System32\Complder.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.09.12 17:32:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
[2010.09.12 17:23:01 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\Malwarebytes
[2010.09.12 17:22:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.12 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.12 17:22:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.12 17:22:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.12 17:18:23 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
[2010.09.12 17:15:28 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sawdust\Desktop\mbam-setup.exe
[2010.09.09 19:59:40 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\INRES.DLL
[2010.09.09 19:59:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
[2010.09.01 11:48:31 | 000,000,000 | ---D | C] -- C:\Programme\TransMac
[2010.09.01 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\tranmak_7.5
[2010.08.26 11:12:37 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\Trillium Lane
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Local\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010.08.26 10:49:15 | 000,000,000 | ---D | C] -- C:\Programme\InterLok
[2010.08.26 10:43:40 | 000,630,784 | ---- | C] (PACE Anti-Piracy) -- C:\Windows\System32\ilinet.dll
[2010.08.26 10:43:37 | 000,097,808 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\System32\drivers\Dalwdm.sys
[2010.08.26 10:43:37 | 000,016,400 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\System32\drivers\diginet.sys
[2010.08.17 14:39:17 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\RPA3
[2010.08.17 11:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Syncrosoft
[2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System32\RCCOLLAB.DLL

========== Files - Modified Within 90 Days ==========

[2010.09.12 17:39:39 | 000,585,504 | ---- | M] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.12 17:39:34 | 002,883,584 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT
[2010.09.12 17:32:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
[2010.09.12 17:30:59 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.09.12 17:22:57 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
[2010.09.12 17:15:54 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sawdust\Desktop\mbam-setup.exe
[2010.09.12 17:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.12 16:54:46 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.12 16:50:47 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.12 16:50:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 16:50:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 16:50:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.12 16:50:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.12 16:50:22 | 3079,532,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.12 16:49:01 | 000,524,288 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010.09.12 16:49:01 | 000,065,536 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.09.12 16:49:00 | 006,291,456 | -H-- | M] () -- C:\Users\Sawdust\AppData\Local\IconCache.db
[2010.09.11 22:01:18 | 000,000,008 | ---- | M] () -- C:\Windows\System32\mssrv32.vxd
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2010.09.11 22:00:42 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2010.09.11 22:00:42 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2010.09.11 17:24:52 | 000,046,592 | -H-- | M] () -- C:\Windows\System32\Complder.dll
[2010.09.11 17:24:49 | 000,000,024 | ---- | M] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
[2010.09.11 17:23:58 | 000,000,004 | ---- | M] () -- C:\Users\Sawdust\AppData\Roaming\avdrn.dat
[2010.09.09 19:59:08 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.09 19:59:07 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.09 19:59:07 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.09 19:59:07 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.09 19:59:07 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.06 21:56:24 | 312,018,752 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.06 17:51:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010.09.01 11:48:32 | 000,000,809 | ---- | M] () -- C:\Users\Sawdust\Desktop\TransMac.lnk
[2010.09.01 11:47:07 | 001,873,596 | ---- | M] () -- C:\Users\Sawdust\Desktop\tranmak_7.5.rar
[2010.08.26 11:35:26 | 000,101,064 | ---- | M] () -- C:\Users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.26 11:34:11 | 000,376,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.23 15:55:07 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\msocreg32.dat
[2010.08.01 21:48:17 | 000,000,013 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010.07.28 23:58:29 | 000,077,312 | ---- | M] () -- C:\Users\Sawdust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010.09.12 17:22:57 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 17:25:36 | 000,585,504 | ---- | C] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.11 17:24:52 | 000,046,592 | -H-- | C] () -- C:\Windows\System32\Complder.dll
[2010.09.11 17:24:34 | 000,000,024 | ---- | C] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
[2010.09.11 17:23:58 | 000,000,004 | ---- | C] () -- C:\Users\Sawdust\AppData\Roaming\avdrn.dat
[2010.09.06 17:51:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010.09.01 11:48:32 | 000,000,809 | ---- | C] () -- C:\Users\Sawdust\Desktop\TransMac.lnk
[2010.09.01 11:47:07 | 001,873,596 | ---- | C] () -- C:\Users\Sawdust\Desktop\tranmak_7.5.rar
[2010.08.26 10:43:38 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009.07.30 14:15:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.30 12:33:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.09 11:28:17 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.11 16:32:08 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.06.01 11:27:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009.05.20 00:17:07 | 000,000,419 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.05.17 14:00:18 | 000,001,356 | ---- | C] () -- C:\Users\Sawdust\AppData\Local\d3d9caps.dat
[2009.05.07 16:38:09 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.05.01 23:10:53 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.01 23:10:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.04.29 13:39:47 | 000,491,520 | ---- | C] () -- C:\Windows\System32\libencdec.dll
[2009.04.23 23:40:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2009.04.23 23:35:26 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.04.23 23:20:16 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009.04.23 23:15:46 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009.04.22 21:56:01 | 000,077,312 | ---- | C] () -- C:\Users\Sawdust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.26 08:16:28 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.25 23:09:53 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.08.25 23:09:52 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.08.25 23:09:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.08.25 23:09:52 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.25 23:07:26 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.08.25 23:04:38 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.08.25 23:04:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009.10.10 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Antares Design
[2009.04.29 13:39:47 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Audio Ease
[2009.08.12 17:56:44 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Canneverbe_Limited
[2009.06.01 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Canon
[2009.04.23 23:49:19 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\DAEMON Tools Lite
[2009.05.25 10:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\ePaperPress
[2010.09.11 17:42:05 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\ICQ
[2009.04.22 09:23:33 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Opera
[2010.08.26 11:10:51 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\PACE Anti-Piracy
[2009.07.19 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Propellerhead Software
[2009.04.23 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Steinberg
[2009.05.27 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Toshiba
[2010.08.26 11:12:37 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Trillium Lane
[2010.09.12 16:49:04 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:94B1D287B21E9A83
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Xí:ˆácpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\,ð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nw²�wNwºÔIvØôVpctlsp.log
@Alternate Data Stream - 1374 bytes -> C:\ProgramData\Microsoft:7EvseLvdLbmzATL9
@Alternate Data Stream - 1360 bytes -> C:\Users\Sawdust\AppData\Local\Temp:5z6STY7n3QGFJSNMD
@Alternate Data Stream - 1292 bytes -> C:\Users\Sawdust\AppData\Local\Temp:v9Sl0NtmUrjY9oGGBo9V
@Alternate Data Stream - 1274 bytes -> C:\Program Files\Common Files\microsoft shared:GpKA9BXuOZ6ZBpA1iHHV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 1232 bytes -> C:\ProgramData\Microsoft:0gUAintNrt3YwSAP8E7w5IMsLY7
@Alternate Data Stream - 1223 bytes -> C:\ProgramData\Microsoft:7pkwkb2Frp5TvCGDejtV83i5N
@Alternate Data Stream - 1183 bytes -> C:\ProgramData\Microsoft:HOojxnwwQcS8b9ik
@Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft:tBjBEaMwUv9y8pAjOFGPcO7SeiL7
< End of report >

--- --- ---

Hijack This

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:33:19, on 12.09.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\PreSonus\1394AudioDriver_FP10\FP10.exe
C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\explorer.exe
C:\Program Files\Opera\opera.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\Sawdust\Desktop\OTL.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sawdust\Desktop\HiJackThis204.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AVMUSBFernanschluss] C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: monmvr32.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
O4 - Global Startup: FP10 Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FP10\FP10.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/red...k-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca28ce9bf43f90) (gupdate1ca28ce9bf43f90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10619 bytes

--- --- ---

And Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4600

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

12.09.2010 17:30:44
mbam-log-2010-09-12 (17-30-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145224
Laufzeit: 6 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\System32\Complder.dll (Trojan.PWS.Gen) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\Complder.dll (Trojan.PWS.Gen) -> No action taken.
C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monmvr32.exe (Trojan.Downloader) -> No action taken.
C:\Windows\system32\Drivers\ukwbl.sys (Rootkit.Bubnix) -> No action taken.
C:\Users\Sawdust\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.

Is that it for my system, or can something still be done? I really depend on the programs on this computer! =( Thanks to everyone who helps me, I appreciate it very, very much!

Kind regards

cosinus 13.09.2010 13:18

Quote:

Art des Suchlaufs: Quick-Scan
Hello and :hallo:

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Sawdust 14.09.2010 18:07

OK, here is the log from the full scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4608

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

14.09.2010 19:03:54
mbam-log-2010-09-14 (19-03-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 351364
Laufzeit: 2 Stunde(n), 43 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Sawdust\AppData\Local\Opera\Opera\cache\g_001A\opr03L27.tmp (Trojan.Dropper.PGen) -> No action taken.
C:\Windows\System32\drivers\ukwbl.sys (Rootkit.Bubnix) -> No action taken.


I had fixed the findings during the first scan, which is why only these two are left now.
Hope you can help me! =(

cosinus 14.09.2010 18:14

Did you remove the findings?

Sawdust 14.09.2010 18:18

No, not this time. The rootkit apparently can't be removed this way, since it was also there during the first scan.

EDIT: But I still have the program open and can remove them if I'm supposed to.

cosinus 14.09.2010 18:33

Yes, please always delete all findings with Malwarebytes.
Then create a new OTL log (OTL.txt).

Sawdust 14.09.2010 19:26

OK, the rootkit is still there. The rest is clean! There is no error message at startup anymore either.

Here is the OTL:OTL Logfile:
Code:

OTL logfile created on: 14.09.2010 20:20:57 - Run 2
OTL by OldTimer - Version 3.2.12.0    Folder = C:\Users\Sawdust\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 5,16 Gb Free Space | 3,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 145,97 Gb Total Space | 19,80 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SAWDUSTMOBIL
Current User Name: Sawdust
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
PRC - [2010.04.29 12:19:18 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ6.5\ICQ.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.06.25 09:05:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.04.26 15:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.22 11:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008.04.18 19:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008.04.17 10:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008.04.14 23:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.03.31 19:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008.01.21 04:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007.12.11 04:59:40 | 000,307,200 | ---- | M] (Team H2O) -- C:\Programme\Syncrosoft\POS\H2O\cledx.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.10.10 17:36:42 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Programme\PreSonus\1394AudioDriver_FP10\FP10.exe
PRC - [2007.10.10 17:28:48 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Programme\PreSonus\1394AudioDriver_FirePod\FirePod.exe
PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
MOD - [2008.01.21 04:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:24:11 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0867D.tmp -- (yjboizih)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0BF19.tmp -- (vhvumskf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\08803.tmp -- (tmybvqlj)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\09819.tmp -- (luiznhmes)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0273E.tmp -- (kavdhnkn)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys -- (EraserUtilDrv10920)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\emusba10.sys -- (emusba10)
DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.12.10 12:55:15 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.19 23:52:54 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.23 23:35:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2008.12.04 03:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.09.08 13:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008.07.18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.06.20 06:37:06 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.06.12 12:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.23 17:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.15 04:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.04.04 11:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008.03.25 13:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 11:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.04 19:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.29 18:58:56 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.09 17:32:24 | 000,123,440 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pae_1394.sys -- (pae_1394)
DRV - [2007.10.09 17:32:24 | 000,051,248 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pae_avs.sys -- (pae_avs)
DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.08.29 15:50:46 | 000,039,296 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224Wdm.sys -- (Us224WdmService)
DRV - [2007.08.29 15:50:34 | 000,018,176 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224DL.sys -- (US224DL)
DRV - [2007.08.29 15:50:02 | 000,150,272 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224.sys -- (US224)
DRV - [2007.08.07 06:26:14 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.08.02 09:52:50 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.08.02 09:51:18 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.08.02 09:51:08 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.04.09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe File not found
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\AutoRun\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\open\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: icachone - (C:\Windows\system32\Complder.dll) - C:\Windows\System32\Complder.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.12 17:32:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
[2010.09.12 17:23:01 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\Malwarebytes
[2010.09.12 17:22:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.12 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.12 17:22:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.12 17:22:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.12 17:18:23 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
[2010.09.12 17:15:28 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Sawdust\Desktop\mbam-setup.exe
[2010.09.09 19:59:40 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\INRES.DLL
[2010.09.09 19:59:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
[2010.09.04 17:40:23 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\Final_4-4
[2010.09.04 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\Final_3-4
[2010.09.04 17:40:16 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\Final_2-4
[2010.09.04 17:40:12 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\Final_1-4
[2010.09.01 11:48:31 | 000,000,000 | ---D | C] -- C:\Programme\TransMac
[2010.09.01 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\tranmak_7.5
[2010.08.26 11:12:37 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\Trillium Lane
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Local\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010.08.26 10:49:15 | 000,000,000 | ---D | C] -- C:\Programme\InterLok
[2010.08.26 10:43:40 | 000,630,784 | ---- | C] (PACE Anti-Piracy) -- C:\Windows\System32\ilinet.dll
[2010.08.26 10:43:37 | 000,097,808 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\System32\drivers\Dalwdm.sys
[2010.08.26 10:43:37 | 000,016,400 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\System32\drivers\diginet.sys
[2010.08.02 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Documents\Nero
[2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System32\RCCOLLAB.DLL
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.14 20:22:12 | 002,883,584 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT
[2010.09.14 20:21:55 | 000,585,504 | ---- | M] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.14 20:21:20 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.14 20:15:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.14 19:42:46 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.09.14 19:42:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 19:42:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 19:42:37 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.14 19:42:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.14 19:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.14 19:42:30 | 3077,451,776 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.14 19:41:09 | 000,524,288 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 19:41:09 | 000,065,536 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.09.14 19:41:07 | 002,729,601 | -H-- | M] () -- C:\Users\Sawdust\AppData\Local\IconCache.db
[2010.09.12 17:32:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
[2010.09.12 17:22:57 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
[2010.09.12 17:15:54 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Sawdust\Desktop\mbam-setup.exe
[2010.09.11 22:01:18 | 000,000,008 | ---- | M] () -- C:\Windows\System32\mssrv32.vxd
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2010.09.11 22:00:42 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2010.09.11 22:00:42 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2010.09.11 17:24:49 | 000,000,024 | ---- | M] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
[2010.09.09 19:59:08 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.09 19:59:07 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.09 19:59:07 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.09 19:59:07 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.09 19:59:07 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.06 21:56:24 | 312,018,752 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.06 17:51:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010.09.01 11:48:32 | 000,000,809 | ---- | M] () -- C:\Users\Sawdust\Desktop\TransMac.lnk
[2010.09.01 11:47:07 | 001,873,596 | ---- | M] () -- C:\Users\Sawdust\Desktop\tranmak_7.5.rar
[2010.08.26 11:35:26 | 000,101,064 | ---- | M] () -- C:\Users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.26 11:34:11 | 000,376,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.23 15:55:07 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\msocreg32.dat
[2010.07.28 23:58:29 | 000,077,312 | ---- | M] () -- C:\Users\Sawdust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2010.09.12 17:22:57 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 17:25:36 | 000,585,504 | ---- | C] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.11 17:24:34 | 000,000,024 | ---- | C] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
[2010.09.06 17:51:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010.09.01 11:48:32 | 000,000,809 | ---- | C] () -- C:\Users\Sawdust\Desktop\TransMac.lnk
[2010.09.01 11:47:07 | 001,873,596 | ---- | C] () -- C:\Users\Sawdust\Desktop\tranmak_7.5.rar
[2010.08.26 10:43:38 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2010.08.01 21:48:17 | 000,000,013 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.09.13 16:36:43 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2009.07.30 14:15:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.30 12:33:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.09 11:28:17 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.11 16:32:08 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.06.01 11:27:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009.05.20 00:17:07 | 000,000,419 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.05.17 14:00:18 | 000,001,356 | ---- | C] () -- C:\Users\Sawdust\AppData\Local\d3d9caps.dat
[2009.05.07 16:38:09 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.05.01 23:10:53 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.01 23:10:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.04.29 13:39:47 | 000,491,520 | ---- | C] () -- C:\Windows\System32\libencdec.dll
[2009.04.23 23:40:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2009.04.23 23:35:26 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.04.23 23:20:16 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009.04.23 23:15:46 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009.04.22 21:56:01 | 000,077,312 | ---- | C] () -- C:\Users\Sawdust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.26 08:16:28 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.25 23:09:53 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.08.25 23:09:52 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.08.25 23:09:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.08.25 23:09:52 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.25 23:07:26 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.08.25 23:04:38 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.08.25 23:04:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2009.10.10 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Antares Design
[2009.04.29 13:39:47 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Audio Ease
[2009.08.12 17:56:44 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Canneverbe_Limited
[2009.06.01 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Canon
[2009.04.23 23:49:19 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\DAEMON Tools Lite
[2009.05.25 10:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\ePaperPress
[2010.09.11 17:42:05 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\ICQ
[2009.04.22 09:23:33 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Opera
[2010.08.26 11:10:51 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\PACE Anti-Piracy
[2009.07.19 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Propellerhead Software
[2009.04.23 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Steinberg
[2009.05.27 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Toshiba
[2010.08.26 11:12:37 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Trillium Lane
[2010.09.14 19:41:12 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:94B1D287B21E9A83
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Xí:ˆácpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\,ð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nw²wNwºÔIvØôVpctlsp.log
@Alternate Data Stream - 1374 bytes -> C:\ProgramData\Microsoft:7EvseLvdLbmzATL9
@Alternate Data Stream - 1360 bytes -> C:\Users\Sawdust\AppData\Local\Temp:5z6STY7n3QGFJSNMD
@Alternate Data Stream - 1292 bytes -> C:\Users\Sawdust\AppData\Local\Temp:v9Sl0NtmUrjY9oGGBo9V
@Alternate Data Stream - 1274 bytes -> C:\Program Files\Common Files\microsoft shared:GpKA9BXuOZ6ZBpA1iHHV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 1232 bytes -> C:\ProgramData\Microsoft:0gUAintNrt3YwSAP8E7w5IMsLY7
@Alternate Data Stream - 1223 bytes -> C:\ProgramData\Microsoft:7pkwkb2Frp5TvCGDejtV83i5N
@Alternate Data Stream - 1183 bytes -> C:\ProgramData\Microsoft:HOojxnwwQcS8b9ik
@Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft:tBjBEaMwUv9y8pAjOFGPcO7SeiL7
< End of report >

--- --- ---

cosinus 14.09.2010 20:42

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0867D.tmp -- (yjboizih)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0BF19.tmp -- (vhvumskf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\08803.tmp -- (tmybvqlj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\09819.tmp -- (luiznhmes)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0273E.tmp -- (kavdhnkn)
O4 - HKLM..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\AutoRun\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\open\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O36 - AppCertDlls: icachone - (C:\Windows\system32\Complder.dll) - C:\Windows\System32\Complder.dll File not found
[2010.09.14 20:21:55 | 000,585,504 | ---- | M] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.11 22:01:18 | 000,000,008 | ---- | M] () -- C:\Windows\System32\mssrv32.vxd
[2010.09.11 22:01:18 | 000,000,008 | ---- | M] () -- C:\Windows\System32\mssrv32.vxd
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2010.09.11 22:00:42 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2010.09.11 22:00:42 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2010.09.11 17:24:49 | 000,000,024 | ---- | M] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
@Alternate Data Stream - 24 bytes -> C:\Windows:94B1D287B21E9A83
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Xí:ˆácpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\,ð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nw²�wNwºÔIvØôVpctlsp.log
@Alternate Data Stream - 1374 bytes -> C:\ProgramData\Microsoft:7EvseLvdLbmzATL9
@Alternate Data Stream - 1360 bytes -> C:\Users\Sawdust\AppData\Local\Temp:5z6STY7n3QGFJSNMD
@Alternate Data Stream - 1292 bytes -> C:\Users\Sawdust\AppData\Local\Temp:v9Sl0NtmUrjY9oGGBo9V
@Alternate Data Stream - 1274 bytes -> C:\Program Files\Common Files\microsoft shared:GpKA9BXuOZ6ZBpA1iHHV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 1232 bytes -> C:\ProgramData\Microsoft:0gUAintNrt3YwSAP8E7w5IMsLY7
@Alternate Data Stream - 1223 bytes -> C:\ProgramData\Microsoft:7pkwkb2Frp5TvCGDejtV83i5N
@Alternate Data Stream - 1183 bytes -> C:\ProgramData\Microsoft:HOojxnwwQcS8b9ik
@Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft:tBjBEaMwUv9y8pAjOFGPcO7SeiL7
:Files
C:\Program Files\Advanced Invisible Keylogger

:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.


After that, please do the following, because I need OTL's quarantine folder:

1.) VERY IMPORTANT!! Disable the virus scanner, it must not interfere here!
2.) Zip the folder C:\_OTL into a file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know when it has succeeded
5.) Only then turn the virus scanner back on
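
As an added example (not part of this thread and not OTL's own code): a small Python triage script that parses the OTL file-listing and "@Alternate Data Stream" lines in the format posted above, applies a few constructed heuristics mirroring what the helper picked out (a driver in System32\drivers with no publisher name, tiny extensionless files in System32, random-named streams), and renders the hits as an ":OTL" block in the fix-script syntax used here. The rules, the Finding class and the sample lines are assumptions for illustration only; the output is meant for a helper to review, not to run blindly.

```python
import re
from dataclasses import dataclass

# Line shapes as they appear in the OTL log posted in this thread:
#   [2010.09.11 17:25:36 | 000,585,504 | ---- | C] () -- C:\Windows\System32\drivers\ukwbl.sys
#   [2010.09.09 19:59:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
#   @Alternate Data Stream - 24 bytes -> C:\Windows:94B1D287B21E9A83
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


@dataclass
class Finding:            # constructed helper type, not part of OTL
    line: str    # original log line, verbatim: OTL fix scripts quote these lines unchanged
    reason: str  # which triage rule fired


def parse_file_line(line):
    """Return (timestamp, size_bytes, attrs, company, path) for an OTL file line, else None."""
    m = FILE_LINE.match(line)
    if not m:
        return None
    size = int(m.group("size").replace(",", ""))   # "000,585,504" -> 585504
    company = (m.group("company") or "").strip()   # "()" or padded "(Name      )" -> clean name
    return m.group("ts"), size, m.group("attrs"), company, m.group("path")


def parse_ads_line(line):
    """Return (host_path, stream_name, size_bytes) for an OTL ADS line, else None."""
    m = ADS_LINE.match(line)
    if not m:
        return None
    host, _, stream = m.group("target").rpartition(":")  # last ':' separates host from stream
    return host, stream, int(m.group("size"))


def triage(lines):
    """Apply constructed triage heuristics (assumptions, not OTL logic) to raw OTL log lines."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        parsed = parse_file_line(line)
        if parsed:
            _ts, size, attrs, company, path = parsed
            low = path.lower()
            name = low.rsplit("\\", 1)[-1]
            if "D" in attrs:                  # directories are not covered by these rules
                continue
            if "\\drivers\\" in low and name.endswith(".sys") and not company:
                findings.append(Finding(line, "kernel driver without publisher name"))
            elif "\\system32\\" in low and "." not in name and 0 < size < 1024:
                findings.append(Finding(line, "small extensionless file in System32"))
            continue
        parsed = parse_ads_line(line)
        if parsed:
            host, stream, _size = parsed
            # random-looking stream names: no extension, 8+ alphanumerics, on a system folder
            if "." not in stream and len(stream) >= 8 and stream.isalnum():
                findings.append(Finding(line, "random-named alternate data stream on " + host))
    return findings


def fix_block(findings):
    """Render findings as an ':OTL' block in the fix-script syntax used in this thread.

    The result is for a helper to review line by line before it is ever pasted into OTL."""
    return "\n".join([":OTL"] + [f.line for f in findings])


# Sample input: lines copied from the OTL log in this thread, plus benign control lines and one
# ADS line whose garbled host path was replaced by the constructed name "sample".
SAMPLE_LOG = [
    r"[2010.09.11 17:25:36 | 000,585,504 | ---- | C] () -- C:\Windows\System32\drivers\ukwbl.sys",
    r"[2010.09.12 17:22:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys",
    r"[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4",
    r"[2010.09.09 19:59:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data",
    r"[2010.09.09 19:59:08 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat",
    r"@Alternate Data Stream - 24 bytes -> C:\Windows:94B1D287B21E9A83",
    r"@Alternate Data Stream - 1374 bytes -> C:\ProgramData\Microsoft:7EvseLvdLbmzATL9",
    r"@Alternate Data Stream - 142 bytes -> C:\Windows\System32\sample:pctlsp.log",
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f.reason, "->", f.line)
    print(fix_block(hits))
```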

Sawdust 14.09.2010 21:17

OK, I have uploaded the zip!

Here is the OTL log file:

All processes killed
========== OTL ==========
Service yjboizih stopped successfully!
Service yjboizih deleted successfully!
File C:\Windows\System32\0867D.tmp not found.
Service vhvumskf stopped successfully!
Service vhvumskf deleted successfully!
File C:\Windows\System32\0BF19.tmp not found.
Service tmybvqlj stopped successfully!
Service tmybvqlj deleted successfully!
File C:\Windows\System32\08803.tmp not found.
Service luiznhmes stopped successfully!
Service luiznhmes deleted successfully!
File C:\Windows\System32\09819.tmp not found.
Service kavdhnkn stopped successfully!
Service kavdhnkn deleted successfully!
File C:\Windows\System32\0273E.tmp not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\win32dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
C:\Programme\ICQ6.5\ICQ.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
File C:\Programme\ICQ6.5\ICQ.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d301273-5ea3-11df-a797-00037a9b6493}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d301273-5ea3-11df-a797-00037a9b6493}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d3012d1-5ea3-11df-a797-00037a9b6493}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d3012d1-5ea3-11df-a797-00037a9b6493}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ec359b1-5112-11df-8fbd-00037a9b6493}\ not found.
File GORDANA/lakicka.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ec359b1-5112-11df-8fbd-00037a9b6493}\ not found.
File GORDANA/lakicka.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0f48e4-304e-11de-81c3-00238b42cebd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0f48e4-304e-11de-81c3-00238b42cebd}\ not found.
File D:\Launch.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\icachone:C:\Windows\system32\Complder.dll deleted successfully.
File C:\Windows\System32\drivers\ukwbl.sys not found.
C:\Windows\System32\mssrv32.vxd moved successfully.
File C:\Windows\System32\mssrv32.vxd not found.
C:\Windows\System32\Datei4 moved successfully.
C:\Windows\System32\Datei2 moved successfully.
C:\Windows\System32\Datei3 moved successfully.
C:\Windows\System32\Datei1 moved successfully.
C:\Windows\System32\Datei7 moved successfully.
C:\Windows\System32\Datei5 moved successfully.
C:\Windows\System32\Datei0 moved successfully.
C:\Windows\System32\Datei9 moved successfully.
C:\Windows\System32\Datei8 moved successfully.
C:\Windows\System32\Datei10 moved successfully.
C:\Windows\System32\Datei6 moved successfully.
C:\Users\Sawdust\AppData\Roaming\apiqfw.dat moved successfully.
ADS C:\Windows:94B1D287B21E9A83 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Windows\System32\Xí:ˆácpctlsp.log deleted successfully.
ADS C:\Windows\System32\,ð:pctlsp.log deleted successfully.
Unable to delete ADS C:\Windows\System32:Nw²�wNwºÔIvØôVpctlsp.log .
ADS C:\ProgramData\Microsoft:7EvseLvdLbmzATL9 deleted successfully.
ADS C:\Users\Sawdust\AppData\Local\Temp:5z6STY7n3QGFJSNMD deleted successfully.
ADS C:\Users\Sawdust\AppData\Local\Temp:v9Sl0NtmUrjY9oGGBo9V deleted successfully.
ADS C:\Program Files\Common Files\microsoft shared:GpKA9BXuOZ6ZBpA1iHHV deleted successfully.
ADS C:\ProgramData\TEMP:1CA73D29 deleted successfully.
ADS C:\ProgramData\Microsoft:0gUAintNrt3YwSAP8E7w5IMsLY7 deleted successfully.
ADS C:\ProgramData\Microsoft:7pkwkb2Frp5TvCGDejtV83i5N deleted successfully.
ADS C:\ProgramData\Microsoft:HOojxnwwQcS8b9ik deleted successfully.
ADS C:\ProgramData\Microsoft:tBjBEaMwUv9y8pAjOFGPcO7SeiL7 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Advanced Invisible Keylogger not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sawdust
->Temp folder emptied: 1155107356 bytes
->Temporary Internet Files folder emptied: 1701641 bytes
->Java cache emptied: 78482157 bytes
->Google Chrome cache emptied: 5946645 bytes
->Opera cache emptied: 251851880 bytes
->Flash cache emptied: 112928 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6643346710 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 37982 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25494460 bytes
RecycleBin emptied: 2502669639 bytes

Total Files Cleaned = 10.171,00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09142010_220753

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 14.09.2010 21:46

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (board helper) has explicitly recommended it!
It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

Sawdust 14.09.2010 22:23

Oh man, idiot that I am, I accidentally started it when I wanted to rename it! :stirn:
Of course that was before I could follow the other steps. But here is the log file that came out of it:

ComboFix log file:
Code:

ComboFix 10-09-14.01 - Sawdust 14.09.2010  23:08:21.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6001.1.1252.49.1031.18.2936.2115 [GMT 2:00]
ausgeführt von:: c:\users\Sawdust\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\C
c:\windows\system32\Data
c:\windows\system32\msvcsv60.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-14 bis 2010-09-14  ))))))))))))))))))))))))))))))
.

2010-09-14 20:07 . 2010-09-14 20:07        --------        d-----w-        C:\_OTL
2010-09-12 15:23 . 2010-09-12 15:23        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\Malwarebytes
2010-09-12 15:22 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 15:22 . 2010-09-12 15:22        --------        d-----w-        c:\programdata\Malwarebytes
2010-09-12 15:22 . 2010-09-12 15:22        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-09-12 15:22 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-09 17:59 . 2007-11-26 13:07        11776        ----a-w-        c:\windows\INRES.DLL
2010-09-01 09:48 . 2010-09-01 09:48        --------        d-----w-        c:\program files\TransMac
2010-08-26 09:12 . 2010-08-26 09:12        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\Trillium Lane
2010-08-26 09:06 . 2010-08-26 09:10        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:10        --------        d-----w-        c:\programdata\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06        --------        d-----w-        c:\users\Sawdust\AppData\Local\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06        --------        d-----w-        c:\program files\Common Files\PACE Anti-Piracy
2010-08-26 08:49 . 2010-08-26 08:49        --------        d-----w-        c:\program files\InterLok
2010-08-17 09:52 . 2010-08-17 09:52        --------        d-----w-        c:\programdata\Syncrosoft

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 21:01 . 2009-11-16 14:15        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\Skype
2010-09-14 20:07 . 2009-04-22 07:54        --------        d-----w-        c:\program files\ICQ6.5
2010-09-11 15:42 . 2009-04-22 07:54        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\ICQ
2010-09-09 17:59 . 2008-08-25 21:09        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-09-09 17:59 . 2008-01-21 08:31        621952        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-09 17:59 . 2008-01-21 08:31        123852        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-06 15:51 . 2010-09-06 15:51        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-08-26 09:35 . 2009-04-21 16:12        101064        ----a-w-        c:\users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-26 09:33 . 2009-04-23 21:17        --------        d-----w-        c:\program files\Digidesign
2010-08-26 09:30 . 2009-05-10 14:30        --------        d-----w-        c:\program files\Common Files\Digidesign
2010-08-23 13:55 . 2009-04-22 07:17        --------        d-----w-        c:\program files\Opera
2010-08-20 15:40 . 2009-04-23 21:40        32        ----a-w-        c:\windows\msocreg32.dat
2010-08-01 19:48 . 2010-07-25 23:19        --------        d-----w-        c:\programdata\PopCap Games
2010-08-01 19:48 . 2010-08-01 19:48        13        ----a-w-        c:\windows\popcinfo.dat
2010-08-01 18:47 . 2010-07-25 22:50        --------        d-----w-        c:\program files\Popcap Game Collection
2010-07-28 21:58 . 2009-05-26 08:13        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\dvdcss
2010-07-25 22:38 . 2010-07-25 22:38        --------        d-----w-        c:\program files\7-Zip
2009-04-15 20:24 . 2009-04-15 20:24        1044480        ----a-w-        c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24        200704        ----a-w-        c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AVMUSBFernanschluss"="c:\users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe" [2009-05-19 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NDSTray.exe"="NDSTray.exe" [BU]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

c:\users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2009-4-24 1126400]
FP10 Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FP10\FP10.exe [2009-5-3 1126400]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate1ca28ce9bf43f90;Google Update Service (gupdate1ca28ce9bf43f90);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 97808]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [x]
R3 EraserUtilDrv10920;EraserUtilDrv10920;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 US224;US224 Driver;c:\windows\system32\Drivers\US224.sys [2007-08-29 150272]
R3 US224DL;US224 Firmware Downloader;c:\windows\system32\Drivers\US224DL.sys [2007-08-29 18176]
R3 Us224WdmService;US224 Wdm Audio;c:\windows\system32\Drivers\US224Wdm.sys [2007-08-29 39296]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [x]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-23 721904]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2009-05-19 101248]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ukwbl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
bjsbhgm
jpkaepi
kniuhdrlg
.
Inhalt des "geplante Tasks" Ordners

2010-09-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 08:25]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-DigidesignMMERefresh - c:\program files\Digidesign\Drivers\MMERefresh.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-LingvoSoft Professional Suite 2008 English<->German for Pocket PC - c:\program files\LingvoSoft\LingvoSoft Professional Suite 2008 English-German for Pocket PC\Uninstall.exe
AddRemove-PreSonus 1394 Audio Driver v2.46 (FirePod) Setup - c:\program files\PreSonus\1394AudioDriver_FirePod\uninst.exe Software\PreSonus\1394AudioDriver_FirePod\Setup
AddRemove-PreSonus 1394 Audio Driver v2.46 (FP10) Setup - c:\program files\PreSonus\1394AudioDriver_FP10\uninst.exe Software\PreSonus\1394AudioDriver_FP10\Setup



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-14 23:16
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ukwbl]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-14  23:18:41
ComboFix-quarantined-files.txt  2010-09-14 21:18

Vor Suchlauf: 13 Verzeichnis(se), 14.945.976.320 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 14.657.269.760 Bytes frei

- - End Of File - - 9A7B15A94C3BB920F3B90FC43931EA5F

--- --- ---


Maybe that has already helped. Otherwise, please tell me whether I should carry out the recommended steps once more. I didn't want to do it again on my own initiative.

Sawdust 15.09.2010 10:30

OK, I ran CCleaner + Combofix again as described.
This is the logfile:

Combofix Logfile:
Code:

ComboFix 10-09-14.02 - Sawdust 15.09.2010  11:06:37.2.2 - x86
Microsoft® Windows Vista™ Business  6.0.6001.1.1252.49.1031.18.2936.1790 [GMT 2:00]
ausgeführt von:: c:\users\Sawdust\Desktop\cofi.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-08-15 bis 2010-09-15  ))))))))))))))))))))))))))))))
.

2010-09-15 09:11 . 2010-09-15 09:11        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-09-15 09:11 . 2010-09-15 09:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-09-15 07:56 . 2010-09-15 07:56        --------        d-----w-        c:\program files\CCleaner
2010-09-14 21:18 . 2010-09-15 09:11        --------        d-----w-        c:\users\Sawdust\AppData\Local\temp
2010-09-14 21:01 . 2010-09-14 21:18        --------        d-----w-        C:\ComboFix
2010-09-14 20:07 . 2010-09-14 20:07        --------        d-----w-        C:\_OTL
2010-09-12 15:23 . 2010-09-12 15:23        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\Malwarebytes
2010-09-12 15:22 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 15:22 . 2010-09-12 15:22        --------        d-----w-        c:\programdata\Malwarebytes
2010-09-12 15:22 . 2010-09-12 15:22        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-09-12 15:22 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-09 17:59 . 2007-11-26 13:07        11776        ----a-w-        c:\windows\INRES.DLL
2010-09-01 09:48 . 2010-09-01 09:48        --------        d-----w-        c:\program files\TransMac
2010-08-26 09:12 . 2010-08-26 09:12        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\Trillium Lane
2010-08-26 09:06 . 2010-08-26 09:10        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:10        --------        d-----w-        c:\programdata\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06        --------        d-----w-        c:\users\Sawdust\AppData\Local\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06        --------        d-----w-        c:\program files\Common Files\PACE Anti-Piracy
2010-08-26 08:49 . 2010-08-26 08:49        --------        d-----w-        c:\program files\InterLok
2010-08-17 09:52 . 2010-08-17 09:52        --------        d-----w-        c:\programdata\Syncrosoft

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 06:10 . 2009-11-16 14:15        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\Skype
2010-09-14 20:07 . 2009-04-22 07:54        --------        d-----w-        c:\program files\ICQ6.5
2010-09-11 15:42 . 2009-04-22 07:54        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\ICQ
2010-09-09 17:59 . 2008-08-25 21:09        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-09-09 17:59 . 2008-01-21 08:31        621952        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-09 17:59 . 2008-01-21 08:31        123852        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-06 15:51 . 2010-09-06 15:51        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-08-26 09:35 . 2009-04-21 16:12        101064        ----a-w-        c:\users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-26 09:33 . 2009-04-23 21:17        --------        d-----w-        c:\program files\Digidesign
2010-08-26 09:30 . 2009-05-10 14:30        --------        d-----w-        c:\program files\Common Files\Digidesign
2010-08-23 13:55 . 2009-04-22 07:17        --------        d-----w-        c:\program files\Opera
2010-08-20 15:40 . 2009-04-23 21:40        32        ----a-w-        c:\windows\msocreg32.dat
2010-08-01 19:48 . 2010-07-25 23:19        --------        d-----w-        c:\programdata\PopCap Games
2010-08-01 19:48 . 2010-08-01 19:48        13        ----a-w-        c:\windows\popcinfo.dat
2010-08-01 18:47 . 2010-07-25 22:50        --------        d-----w-        c:\program files\Popcap Game Collection
2010-07-28 21:58 . 2009-05-26 08:13        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\dvdcss
2010-07-25 22:38 . 2010-07-25 22:38        --------        d-----w-        c:\program files\7-Zip
2009-04-15 20:24 . 2009-04-15 20:24        1044480        ----a-w-        c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24        200704        ----a-w-        c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((  SnapShot@2010-09-14_21.16.19  )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-15 06:13        65320              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-21 16:13 . 2010-09-15 06:13        15748              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3003140569-26490700-2488630799-1000_UserData.bin
- 2009-04-21 16:12 . 2010-09-14 18:21        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-21 16:12 . 2010-09-15 07:56        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 07:56 . 2010-09-15 07:56        32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-21 16:12 . 2010-09-15 07:56        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-21 16:12 . 2010-09-14 18:21        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 06:09 . 2010-09-15 06:09        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-14 21:02 . 2010-09-14 21:02        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-14 21:02 . 2010-09-14 21:02        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-15 06:09 . 2010-09-15 06:09        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-21 16:37 . 2010-09-15 08:52        901478              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-09-15 06:13        154970              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:22 . 2010-09-15 07:36        6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2010-06-23 01:46        6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-04-21 16:37 . 2010-09-14 22:23        2325696              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-04-21 16:37 . 2010-09-14 21:01        2325696              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-15 09:03 . 2010-09-15 09:03        6328320              c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-05-14 16:11 . 2010-09-15 07:37        168702297              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AVMUSBFernanschluss"="c:\users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe" [2009-05-19 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NDSTray.exe"="NDSTray.exe" [BU]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

c:\users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2009-4-24 1126400]
FP10 Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FP10\FP10.exe [2009-5-3 1126400]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate1ca28ce9bf43f90;Google Update Service (gupdate1ca28ce9bf43f90);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 97808]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [x]
R3 EraserUtilDrv10920;EraserUtilDrv10920;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 US224;US224 Driver;c:\windows\system32\Drivers\US224.sys [2007-08-29 150272]
R3 US224DL;US224 Firmware Downloader;c:\windows\system32\Drivers\US224DL.sys [2007-08-29 18176]
R3 Us224WdmService;US224 Wdm Audio;c:\windows\system32\Drivers\US224Wdm.sys [2007-08-29 39296]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [x]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-23 721904]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2009-05-19 101248]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ukwbl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
bjsbhgm
jpkaepi
kniuhdrlg
.
Inhalt des "geplante Tasks" Ordners

2010-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 08:25]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-15 11:11
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ukwbl]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4248)
c:\program files\Common Files\Nero\DSFilter\NeFLVSplitter.ax
c:\program files\Common Files\Nero\DSFilter\NeVideo.ax
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\program files\Common Files\Nero\DSFilter\NeResize.ax
c:\program files\Common Files\Nero\DSFilter\NeMP4Splitter.ax
c:\program files\Common Files\Nero\DSFilter\NeSplitter.ax
.
Zeit der Fertigstellung: 2010-09-15  11:13:55
ComboFix-quarantined-files.txt  2010-09-15 09:13
ComboFix2.txt  2010-09-14 21:18

Vor Suchlauf: 18 Verzeichnis(se), 15.249.391.616 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 14.996.619.264 Bytes frei

- - End Of File - - 87BD81401A34572AD935B74EAA6C9AE2

--- --- ---

cosinus 15.09.2010 12:08

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ukwbl]

NetSvc::
bjsbhgm
jpkaepi
kniuhdrlg

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
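
As an added example (not code from this thread, from ComboFix or from the helper), the Python below shows how the three log sections the script above targets can be cross-checked by machine: every R*/S* service line, the "*Deregistered*" driver entry, and the NetSvcs group. A NetSvcs name with no matching service definition, or a driver present in memory without a registry entry, is what an analyst flags; the rendered CFScript text is a draft for a human to review, not something to run unread. The sample log is a constructed excerpt that mirrors the layout of the logs posted here; the function names and the name heuristic are my own.

```python
import re
from typing import Dict, List

# Constructed excerpt that mirrors the layout of the ComboFix logs posted in
# this thread (not a real log). ComboFix's own German section labels are
# matched verbatim, which is why they appear untranslated here.
SAMPLE_LOG = r"""
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R2 gupdate1ca28ce9bf43f90;Google Update Service (gupdate1ca28ce9bf43f90);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ukwbl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
bjsbhgm
jpkaepi
kniuhdrlg
.
Inhalt des "geplante Tasks" Ordners
"""

# One ComboFix service/driver line: "<start> <name>;<display>;<path> [<date size> | x]"
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)(?: \[(.*?)\])?\s*$")
# Driver/service present in memory but without a matching registry service entry
DEREGISTERED_LINE = re.compile(r"^\*Deregistered\* - (\S+)\s*$")
# Header of the non-default NetSvcs listing (ComboFix hides the default entries)
NETSVCS_HEADER = re.compile(r"\\Svchost\s+-\s+NetSvcs\s*$", re.IGNORECASE)
# Heuristic (my own) for machine-generated names: a short run of lowercase letters only
RANDOM_NAME = re.compile(r"^[a-z]{5,12}$")


def parse_services(log: str) -> Dict[str, dict]:
    """Map lower-cased service name -> details for every R*/S* line in the log."""
    services: Dict[str, dict] = {}
    for line in log.splitlines():
        m = SERVICE_LINE.match(line)
        if m:
            start, name, display, path, stamp = m.groups()
            services[name.lower()] = {
                "start": start, "display": display, "path": path,
                "file_missing": stamp == "x",  # "[x]" means the image file no longer exists
            }
    return services


def parse_deregistered(log: str) -> List[str]:
    """Names from the '*Deregistered* - <name>' lines of the in-memory section."""
    return [m.group(1) for m in map(DEREGISTERED_LINE.match, log.splitlines()) if m]


def parse_netsvcs(log: str) -> List[str]:
    """Service names listed under the NetSvcs header, up to the '.' terminator."""
    names: List[str] = []
    in_block = False
    for line in log.splitlines():
        if in_block:
            if not line.strip() or line.strip() == ".":
                break
            names.append(line.strip())
        elif NETSVCS_HEADER.search(line):
            in_block = True
    return names


def triage(log: str) -> dict:
    """Cross-check the three sections and return what an analyst should look at first."""
    services = parse_services(log)
    findings: List[dict] = []
    for name in parse_deregistered(log):
        findings.append({"kind": "deregistered_driver", "name": name,
                         "reason": "loaded in memory but no service key visible to the scanner"})
    for name in parse_netsvcs(log):
        if name.lower() in services:
            continue  # a registered third-party service that simply runs inside svchost
        if RANDOM_NAME.match(name):
            findings.append({"kind": "netsvcs_orphan", "name": name,
                             "reason": "in the NetSvcs group without any service definition"})
    return {
        "service_count": len(services),
        "missing_files": sorted(n for n, s in services.items() if s["file_missing"]),
        "findings": findings,
    }


def render_cfscript(findings: List[dict], control_set: str = "ControlSet001") -> str:
    """Draft the two CFScript sections used in this thread, for an analyst to review."""
    deregistered = [f["name"] for f in findings if f["kind"] == "deregistered_driver"]
    orphans = [f["name"] for f in findings if f["kind"] == "netsvcs_orphan"]
    lines: List[str] = []
    if deregistered:
        lines.append("Registry::")
        lines.extend(f"[-HKEY_LOCAL_MACHINE\\SYSTEM\\{control_set}\\Services\\{n}]" for n in deregistered)
        lines.append("")
    if orphans:
        lines.append("NetSvc::")
        lines.extend(orphans)
    return "\n".join(lines)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f"{f['kind']:20} {f['name']:12} {f['reason']}")
    print(render_cfscript(report["findings"]))
```

Services whose file is missing ("[x]", such as leftover TfFsMon/TfSysMon entries) are reported separately rather than flagged, since the thread treats them as uninstall residue rather than as the infection.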

Sawdust 15.09.2010 12:30

Wow, thanks for your help!!!!

I hope it helped:

Combofix Logfile:
Code:

ComboFix 10-09-14.02 - Sawdust 15.09.2010  13:19:32.3.2 - x86
Microsoft® Windows Vista™ Business  6.0.6001.1.1252.49.1031.18.2936.1839 [GMT 2:00]
ausgeführt von:: c:\users\Sawdust\Desktop\cofi.exe.exe
Benutzte Befehlsschalter :: c:\users\Sawdust\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-08-15 bis 2010-09-15  ))))))))))))))))))))))))))))))
.

2010-09-15 11:25 . 2010-09-15 11:25        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-09-15 11:25 . 2010-09-15 11:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-09-15 09:03 . 2010-09-15 09:13        --------        d-----w-        C:\cofi.exe
2010-09-15 07:56 . 2010-09-15 07:56        --------        d-----w-        c:\program files\CCleaner
2010-09-14 21:18 . 2010-09-15 11:26        --------        d-----w-        c:\users\Sawdust\AppData\Local\temp
2010-09-14 21:01 . 2010-09-14 21:18        --------        d-----w-        C:\ComboFix
2010-09-14 20:07 . 2010-09-14 20:07        --------        d-----w-        C:\_OTL
2010-09-12 15:23 . 2010-09-12 15:23        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\Malwarebytes
2010-09-12 15:22 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 15:22 . 2010-09-12 15:22        --------        d-----w-        c:\programdata\Malwarebytes
2010-09-12 15:22 . 2010-09-12 15:22        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-09-12 15:22 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-09 17:59 . 2007-11-26 13:07        11776        ----a-w-        c:\windows\INRES.DLL
2010-09-01 09:48 . 2010-09-01 09:48        --------        d-----w-        c:\program files\TransMac
2010-08-26 09:12 . 2010-08-26 09:12        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\Trillium Lane
2010-08-26 09:06 . 2010-08-26 09:10        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:10        --------        d-----w-        c:\programdata\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06        --------        d-----w-        c:\users\Sawdust\AppData\Local\PACE Anti-Piracy
2010-08-26 09:06 . 2010-08-26 09:06        --------        d-----w-        c:\program files\Common Files\PACE Anti-Piracy
2010-08-26 08:49 . 2010-08-26 08:49        --------        d-----w-        c:\program files\InterLok
2010-08-17 09:52 . 2010-08-17 09:52        --------        d-----w-        c:\programdata\Syncrosoft

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 09:19 . 2009-11-16 14:15        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\Skype
2010-09-14 20:07 . 2009-04-22 07:54        --------        d-----w-        c:\program files\ICQ6.5
2010-09-11 15:42 . 2009-04-22 07:54        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\ICQ
2010-09-09 17:59 . 2008-08-25 21:09        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-09-09 17:59 . 2008-01-21 08:31        621952        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-09 17:59 . 2008-01-21 08:31        123852        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-06 15:51 . 2010-09-06 15:51        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-08-26 09:35 . 2009-04-21 16:12        101064        ----a-w-        c:\users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-26 09:33 . 2009-04-23 21:17        --------        d-----w-        c:\program files\Digidesign
2010-08-26 09:30 . 2009-05-10 14:30        --------        d-----w-        c:\program files\Common Files\Digidesign
2010-08-23 13:55 . 2009-04-22 07:17        --------        d-----w-        c:\program files\Opera
2010-08-20 15:40 . 2009-04-23 21:40        32        ----a-w-        c:\windows\msocreg32.dat
2010-08-01 19:48 . 2010-07-25 23:19        --------        d-----w-        c:\programdata\PopCap Games
2010-08-01 19:48 . 2010-08-01 19:48        13        ----a-w-        c:\windows\popcinfo.dat
2010-08-01 18:47 . 2010-07-25 22:50        --------        d-----w-        c:\program files\Popcap Game Collection
2010-07-28 21:58 . 2009-05-26 08:13        --------        d-----w-        c:\users\Sawdust\AppData\Roaming\dvdcss
2010-07-25 22:38 . 2010-07-25 22:38        --------        d-----w-        c:\program files\7-Zip
2009-04-15 20:24 . 2009-04-15 20:24        1044480        ----a-w-        c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24        200704        ----a-w-        c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((  SnapShot@2010-09-14_21.16.19  )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-15 09:22        65336              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-21 16:13 . 2010-09-15 09:22        15748              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3003140569-26490700-2488630799-1000_UserData.bin
- 2009-04-21 16:12 . 2010-09-14 18:21        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-21 16:12 . 2010-09-15 07:56        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 07:56 . 2010-09-15 07:56        32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-21 16:12 . 2010-09-15 07:56        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-21 16:12 . 2010-09-14 18:21        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 09:19 . 2010-09-15 09:19        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-14 21:02 . 2010-09-14 21:02        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-15 09:19 . 2010-09-15 09:19        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-14 21:02 . 2010-09-14 21:02        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-21 16:37 . 2010-09-15 11:15        902094              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-09-15 09:22        154986              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 10:22 . 2010-06-23 01:46        6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2010-09-15 09:17        6553600              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-04-21 16:37 . 2010-09-14 21:01        2325696              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-04-21 16:37 . 2010-09-15 09:17        2325696              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-05-14 16:11 . 2010-09-15 07:37        168702297              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AVMUSBFernanschluss"="c:\users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe" [2009-05-19 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NDSTray.exe"="NDSTray.exe" [BU]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

c:\users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2009-4-24 1126400]
FP10 Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FP10\FP10.exe [2009-5-3 1126400]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate1ca28ce9bf43f90;Google Update Service (gupdate1ca28ce9bf43f90);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 97808]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [x]
R3 EraserUtilDrv10920;EraserUtilDrv10920;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 US224;US224 Driver;c:\windows\system32\Drivers\US224.sys [2007-08-29 150272]
R3 US224DL;US224 Firmware Downloader;c:\windows\system32\Drivers\US224DL.sys [2007-08-29 18176]
R3 Us224WdmService;US224 Wdm Audio;c:\windows\system32\Drivers\US224Wdm.sys [2007-08-29 39296]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [x]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-23 721904]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 16400]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2009-05-19 101248]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]


--- Other Services/Drivers In Memory ---

*Deregistered* - ukwbl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 08:25]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-15 13:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ukwbl]

.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'Explorer.exe'(4544)
c:\program files\Common Files\Nero\DSFilter\NeFLVSplitter.ax
c:\program files\Common Files\Nero\DSFilter\NeVideo.ax
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\program files\Common Files\Nero\DSFilter\NeResize.ax
c:\program files\Common Files\Nero\DSFilter\NeMP4Splitter.ax
c:\program files\Common Files\Nero\DSFilter\NeSplitter.ax
.
Completion time: 2010-09-15  13:27:40
ComboFix-quarantined-files.txt  2010-09-15 11:27
ComboFix2.txt  2010-09-15 09:13
ComboFix3.txt  2010-09-14 21:18

Pre-Run: 19 directories, 13,486,977,024 bytes free
Post-Run: 20 directories, 13,451,001,856 bytes free

- - End Of File - - 29C6E22F71CA6D61287920A7773302F0

--- --- ---

cosinus 15.09.2010 14:16

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Then download the bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, in which device. Best to post everything that remover.exe outputs.
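
What the "search for malicious changes in the MBR" step amounts to, as an added example that is not part of cosinus's post and not the bootkit_remover tool's own code: read a 512-byte MBR image, verify the 0x55AA signature, validate the four partition entries and compare the 446-byte bootstrap code against a baseline hash. The two sample images are constructed here; the baseline hash, taken from the clean sample, stands in for a known-good OS bootstrap sector or a pre-incident image, which is an assumption the example cannot verify on its own.

```python
"""Added example: an offline MBR sanity check of the kind a bootkit remover performs.

Not the bootkit_remover tool's code. Sample images are constructed below; the
baseline digest is assumed to come from a known-good bootstrap sector.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xAA"      # bytes 510..511


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or more than four partitions")
    img = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    for i in range(4):
        if i < len(partitions):
            bootable, ptype, start, size = partitions[i]
            img += struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, bytes(3), ptype, bytes(3), start, size)
        else:
            img += bytes(16)   # unused slot: all zeros
    img += SIGNATURE
    return bytes(img)


def parse_partitions(mbr):
    """Return the four partition entries as dicts (type 0 means the slot is unused)."""
    entries = []
    for i in range(4):
        status, _, ptype, _, start, size = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i, "status": status, "type": ptype, "lba_start": start, "sectors": size})
    return entries


def boot_code_digest(mbr):
    """SHA-256 of the bootstrap area only; the partition table legitimately differs per machine."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr, baseline_digest):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    if len(mbr) != SECTOR:
        return [f"image is {len(mbr)} bytes, expected {SECTOR}"]
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_digest(mbr)
    if digest != baseline_digest:
        findings.append(f"boot code differs from baseline (sha256 {digest[:16]}...)")
    entries = parse_partitions(mbr)
    used = [p for p in entries if p["type"] != 0]
    for p in entries:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["type"] != 0 and p["sectors"] == 0:
            findings.append(f"entry {p['index']}: non-empty type with zero length")
    active = [p for p in used if p["status"] == 0x80]
    if used and len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in used)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"entries {i1} and {i2} overlap")
    return findings


# Constructed samples: a placeholder bootstrap stub and a two-partition layout.
CLEAN_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + bytes(range(256)) + bytes(range(100))
LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 100000)]


def clean_sample():
    return build_mbr(CLEAN_BOOT_CODE, LAYOUT)


def tampered_sample():
    """Same layout, but the first bytes of the bootstrap code are replaced with a jump
    into the padding, one common shape of an MBR whose boot path has been hijacked."""
    patched = bytearray(CLEAN_BOOT_CODE)
    patched[0:3] = b"\xE9\x00\x01"
    return build_mbr(bytes(patched), LAYOUT)


if __name__ == "__main__":
    baseline = boot_code_digest(clean_sample())
    print("clean   :", check_mbr(clean_sample(), baseline) or "OK")
    print("tampered:", check_mbr(tampered_sample(), baseline))
```

The hash comparison is the minimal version of the check; a real remover additionally reads the sectors between the MBR and the first partition, where several bootkits keep their loader, and compares against the bootstrap code the installed OS actually writes rather than against a user-supplied baseline.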

Sawdust 15.09.2010 15:59

Here is the GMER log:

GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-15 16:56:49
Windows 6.0.6001 Service Pack 1
Running: 6fnl4tvq.exe; Driver: C:\Users\Sawdust\AppData\Local\Temp\kxtcipog.sys


---- System - GMER 1.0.15 ----

SSDT            AEACEF04                                                                                                                              ZwCreateThread
SSDT            AEACEEF0                                                                                                                              ZwOpenProcess
SSDT            AEACEEF5                                                                                                                              ZwOpenThread
SSDT            AEACEEFF                                                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetTimerEx + 454                                                                                                        82AC6A18 4 Bytes  [04, EF, AC, AE] {ADD AL, 0xef; LODSB ; SCASB }
.text          ntkrnlpa.exe!KeSetTimerEx + 624                                                                                                        82AC6BE8 4 Bytes  [F0, EE, AC, AE]
.text          ntkrnlpa.exe!KeSetTimerEx + 640                                                                                                        82AC6C04 4 Bytes  [F5, EE, AC, AE] {CMC ; OUT DX, AL ; LODSB ; SCASB }
.text          ntkrnlpa.exe!KeSetTimerEx + 854                                                                                                        82AC6E18 4 Bytes  [FF, EE, AC, AE]
?              System32\Drivers\ukwbl.sys                                                                                                            A device attached to the system is not functioning. !
.text          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                                              section is writeable [0x8AB4F480, 0x3C939, 0xE8000020]
.dsrt          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                                              unknown last section [0x8AB90900, 0x3CA, 0x48000040]
?              C:\Users\Sawdust\AppData\Local\Temp\catchme.sys                                                                                        The system cannot find the file specified. !
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                            The system cannot find the file specified. !
?              C:\Users\Sawdust\AppData\Local\Temp\mbr.sys                                                                                            The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2640] @ C:\Windows\system32\NETAPI32.dll [PSAPI.DLL!GetModuleBaseNameW]  [7601159E] C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                                                  [73D988B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                                                  [73DD98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                              [73D9B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                                        [73D8FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                                                  [73D97A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                                [73D8EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                    [73DCB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                                      [73D9BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]                                              [73D9074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]                                                [73D906B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]                                                [73D871B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                                        [73E1D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                                            [73DB7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                              [73D8E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                                                        [73D8697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                                                        [73D869A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[4544] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]                                          [73D92465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                879F1830

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )                                                                                                                    [BOOT] ukwbl                                                                                                                                                          <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0xF0 0x09 0x9F 0xC1 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0x5F 0xA7 0xA7 0x25 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                  0xEF 0xEB 0x85 0xE7 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\ukwbl@Type                                                                                      1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\ukwbl@Start                                                                                    0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\ukwbl@ErrorControl                                                                              0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\ukwbl@Group                                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                    0xF0 0x09 0x9F 0xC1 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                         
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0x5F 0xA7 0xA7 0x25 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                      0xEF 0xEB 0x85 0xE7 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\ukwbl@Type                                                                                          1
Reg            HKLM\SYSTEM\ControlSet002\Services\ukwbl@Start                                                                                        0
Reg            HKLM\SYSTEM\ControlSet002\Services\ukwbl@ErrorControl                                                                                  0
Reg            HKLM\SYSTEM\ControlSet002\Services\ukwbl@Group                                                                                        Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet017\Services\ukwbl@Type                                                                                          1
Reg            HKLM\SYSTEM\ControlSet017\Services\ukwbl@Start                                                                                        0
Reg            HKLM\SYSTEM\ControlSet017\Services\ukwbl@ErrorControl                                                                                  0
Reg            HKLM\SYSTEM\ControlSet017\Services\ukwbl@Group                                                                                        Boot Bus Extender

---- EOF - GMER 1.0.15 ----

--- --- ---
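
The GMER output above can be triaged mechanically. The following is an added example, not GMER's code and not part of Sawdust's post: it parses the "Services" and "Registry" sections, flags any service GMER marks as hidden and any kernel driver (Type 1) registered with Start 0 (boot start), and lists the control sets in which such an entry is registered. The log excerpt is constructed from the lines posted above, with one hypothetical benign driver (exampledrv) added for contrast.

```python
"""Added example (not GMER's or the forum's code): triage a GMER log for hidden or
boot-start driver services and report the control sets they are registered in."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the GMER output above; exampledrv is hypothetical.
SAMPLE_GMER_LOG = r"""
---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )           [BOOT] ukwbl           <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0      C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\ukwbl@Type           1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\ukwbl@Start          0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\ukwbl@ErrorControl   0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\ukwbl@Group          Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet002\Services\ukwbl@Type               1
Reg            HKLM\SYSTEM\ControlSet002\Services\ukwbl@Start              0
Reg            HKLM\SYSTEM\ControlSet002\Services\ukwbl@Group              Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet017\Services\ukwbl@Type               1
Reg            HKLM\SYSTEM\ControlSet017\Services\ukwbl@Start              0
Reg            HKLM\SYSTEM\ControlSet017\Services\ukwbl@Group              Boot Bus Extender
Reg            HKLM\SYSTEM\CurrentControlSet\Services\exampledrv@Type      1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\exampledrv@Start     1
"""

# "Service (*** hidden *** ) [BOOT] name" lines from the Services section.
HIDDEN_SVC = re.compile(r"^Service\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>[A-Z]+)\]\s+(?P<svc>\S+)")
# Direct values under ...\Services\<name>@<value>; deeper subkeys (sptd\Cfg\...) do not match.
REG_VALUE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\@\s]+)@(?P<val>\S+)\s*(?P<data>.*?)\s*$")
START_NAMES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START", 3: "DEMAND_START", 4: "DISABLED"}


def parse_gmer(text):
    """Return (hidden, services): hidden maps service name -> GMER start tag;
    services maps control set -> service name -> {value name: data}."""
    hidden = {}
    services = defaultdict(lambda: defaultdict(dict))
    for line in text.splitlines():
        m = HIDDEN_SVC.match(line)
        if m:
            hidden[m.group("svc")] = m.group("start")
            continue
        m = REG_VALUE.match(line)
        if m:
            services[m.group("cs")][m.group("svc")][m.group("val")] = m.group("data")
    return hidden, services


def triage(text):
    """Flag services GMER hides and kernel drivers (Type 1) that start at boot (Start 0)."""
    hidden, services = parse_gmer(text)
    findings = []
    for cs, svcs in services.items():
        for name, vals in svcs.items():
            start = int(vals["Start"]) if vals.get("Start", "").isdigit() else None
            is_hidden = name in hidden
            boot_driver = vals.get("Type") == "1" and start == 0
            if is_hidden or boot_driver:
                findings.append({"service": name, "control_set": cs, "hidden": is_hidden,
                                 "boot_driver": boot_driver,
                                 "start": START_NAMES.get(start, "unknown"),
                                 "group": vals.get("Group", "")})
    # A service GMER hides but whose registry values it could not read still counts.
    seen = {f["service"] for f in findings}
    for name, tag in hidden.items():
        if name not in seen:
            findings.append({"service": name, "control_set": "?", "hidden": True,
                             "boot_driver": tag == "BOOT", "start": tag, "group": ""})
    return sorted(findings, key=lambda f: (f["service"], f["control_set"]))


def control_sets_for(findings, service):
    """Control sets in which a flagged service is registered; present in all of them
    means booting 'Last Known Good Configuration' will not get rid of it."""
    return sorted(f["control_set"] for f in findings if f["service"] == service)


if __name__ == "__main__":
    result = triage(SAMPLE_GMER_LOG)
    for f in result:
        print(f)
    print("ukwbl persists in:", control_sets_for(result, "ukwbl"))
```

Two things the output makes visible: the entry is registered in CurrentControlSet, ControlSet002 and ControlSet017 alike, so falling back to Last Known Good Configuration would not remove it; and the SSDT section of the log is deliberately ignored, because GMER does not name the module owning those four hooks, so they cannot be attributed from the log alone.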

Sawdust 15.09.2010 16:11

and the OSAM log:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:10:53 on 15.09.2010

OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Opera Software Opera Internet Browser 10.61

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Sawdust\AppData\Local\Temp\catchme.sys  (File not found)
"E-MU USB-Audio 1.0 Driver" (emusba10) - ? - C:\Windows\System32\DRIVERS\emusba10.sys  (File not found)
"EraserUtilDrv10920" (EraserUtilDrv10920) - ? - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kxtcipog" (kxtcipog) - ? - C:\Users\Sawdust\AppData\Local\Temp\kxtcipog.sys  (Hidden registry entry, rootkit activity | File not found)
"mbr" (mbr) - ? - C:\Users\Sawdust\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\Windows\System32\DRIVERS\cledx.sys
"TfFsMon" (TfFsMon) - ? - C:\Windows\System32\drivers\TfFsMon.sys  (File not found)
"TfNetMon" (TfNetMon) - ? - C:\Windows\system32\drivers\TfNetMon.sys  (File not found)
"TfSysMon" (TfSysMon) - ? - C:\Windows\System32\drivers\TfSysMon.sys  (File not found)
"TPkd" (TPkd) - "PACE Anti-Piracy, Inc." - C:\Windows\system32\drivers\TPkd.sys
"ukwbl" (ukwbl) - ? - C:\Windows\system32\drivers\ukwbl.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FirePod Control Panel.lnk" - "PreSonus Audio Electronics" - C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe  (Shortcut exists | File exists)
"FP10 Control Panel.lnk" - "PreSonus Audio Electronics" - C:\Program Files\PreSonus\1394AudioDriver_FP10\FP10.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"H2O" - "Team H2O" - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
"HDMICtrlMan" - "TOSHIBA Corporation." - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
"HSON" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
"ITSecMng" - " TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NDSTray.exe" - ? - NDSTray.exe  (File not found)
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Digidesign MME Refresh Service" (DigiRefresh) - ? - C:\Program Files\Digidesign\Drivers\MMERefresh.exe -s  (File not found)
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca28ce9bf43f90)" (gupdate1ca28ce9bf43f90) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Notebook Performance Tuning Service " (TempoMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
"O2Micro Flash Memory Card Service" (o2flash) - "O2Micro International" - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 15.09.2010 16:17

Quote:

"ukwbl" (ukwbl) - ? - C:\Windows\system32\drivers\ukwbl.sys (Hidden registry entry, rootkit activity | File not found)
Please open OSAM and tick only this entry. Then disable and delete it.

Sawdust 15.09.2010 16:20

By the way, bootkit remover says the MBR is "OK" and green!

cosinus 15.09.2010 16:29

OK, then please do the OSAM step and post a new log from OSAM and GMER.

Sawdust 15.09.2010 17:19

Right, I removed the entry once and then deleted it again from the storage, as described in the guide. GMER crashed. OSAM says the following, though:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:43:55 on 15.09.2010

OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Opera Software Opera Internet Browser 10.61

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Sawdust\AppData\Local\Temp\catchme.sys  (File not found)
"E-MU USB-Audio 1.0 Driver" (emusba10) - ? - C:\Windows\System32\DRIVERS\emusba10.sys  (File not found)
"EraserUtilDrv10920" (EraserUtilDrv10920) - ? - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\Windows\System32\DRIVERS\cledx.sys
"TfFsMon" (TfFsMon) - ? - C:\Windows\System32\drivers\TfFsMon.sys  (File not found)
"TfNetMon" (TfNetMon) - ? - C:\Windows\system32\drivers\TfNetMon.sys  (File not found)
"TfSysMon" (TfSysMon) - ? - C:\Windows\System32\drivers\TfSysMon.sys  (File not found)
"TPkd" (TPkd) - "PACE Anti-Piracy, Inc." - C:\Windows\system32\drivers\TPkd.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FirePod Control Panel.lnk" - "PreSonus Audio Electronics" - C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe  (Shortcut exists | File exists)
"FP10 Control Panel.lnk" - "PreSonus Audio Electronics" - C:\Program Files\PreSonus\1394AudioDriver_FP10\FP10.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"H2O" - "Team H2O" - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
"HDMICtrlMan" - "TOSHIBA Corporation." - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
"HSON" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
"ITSecMng" - " TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NDSTray.exe" - ? - NDSTray.exe  (File not found)
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Digidesign MME Refresh Service" (DigiRefresh) - ? - C:\Program Files\Digidesign\Drivers\MMERefresh.exe -s  (File not found)
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca28ce9bf43f90)" (gupdate1ca28ce9bf43f90) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Notebook Performance Tuning Service " (TempoMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
"O2Micro Flash Memory Card Service" (o2flash) - "O2Micro International" - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Sawdust 15.09.2010 22:23

By the way, the error message now appears again at startup. Oh man, after every unsuccessful step I'm afraid that's it! :D I hope there's still a way!

Many, many thanks in any case to you, Cosinus!!

cosinus 16.09.2010 09:40

Please run Avenger:

1.) Download Avenger from here:
Swandog46's Public Anti-Malware Tools (Download, on the left-hand side)

2.) Unpack the zip archive and run the file "avenger.exe" (under Vista via right-click => Run as administrator). Set the checkboxes at the bottom as shown:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Copy exactly the lines from the following code box:
Code:

files to delete:
C:\Windows\system32\Drivers\ukwbl.sys

drivers to delete:
ukwbl
ukwbl.sys

4.) In "The Avenger", now go to "Load Script" at the top, then "Paste from Clipboard".

5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the question about "Reboot now" (system restart).

7.) After the restart, an Avenger log file will be displayed. Copy its contents and post it here.

8.) Upload the file c:\avenger\backup.zip to File-Upload.net and link it here

Sawdust 16.09.2010 10:51

Looks bad! Damn...

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\system32\Drivers\ukwbl.sys" not found!
Deletion of file "C:\Windows\system32\Drivers\ukwbl.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ukwbl" not found!
Deletion of driver "ukwbl" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ukwbl.sys" not found!
Deletion of driver "ukwbl.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

cosinus 16.09.2010 11:49

Please make a new log with GMER

Sawdust 16.09.2010 14:22

GMER wouldn't work! Tried it 3 times.
Instead I did an OSAM scan. Hope that helps too:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:52:00 on 16.09.2010

OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Opera Software Opera Internet Browser 10.61

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Sawdust\AppData\Local\Temp\catchme.sys  (File not found)
"E-MU USB-Audio 1.0 Driver" (emusba10) - ? - C:\Windows\System32\DRIVERS\emusba10.sys  (File not found)
"EraserUtilDrv10920" (EraserUtilDrv10920) - ? - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\Windows\System32\DRIVERS\cledx.sys
"TfFsMon" (TfFsMon) - ? - C:\Windows\System32\drivers\TfFsMon.sys  (File not found)
"TfNetMon" (TfNetMon) - ? - C:\Windows\system32\drivers\TfNetMon.sys  (File not found)
"TfSysMon" (TfSysMon) - ? - C:\Windows\System32\drivers\TfSysMon.sys  (File not found)
"TPkd" (TPkd) - "PACE Anti-Piracy, Inc." - C:\Windows\system32\drivers\TPkd.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FirePod Control Panel.lnk" - "PreSonus Audio Electronics" - C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe  (Shortcut exists | File exists)
"FP10 Control Panel.lnk" - "PreSonus Audio Electronics" - C:\Program Files\PreSonus\1394AudioDriver_FP10\FP10.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.05Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"H2O" - "Team H2O" - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
"HDMICtrlMan" - "TOSHIBA Corporation." - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
"HSON" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
"ITSecMng" - " TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NBKeyScan" - "Nero AG" - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NDSTray.exe" - ? - NDSTray.exe  (File not found)
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Digidesign MME Refresh Service" (DigiRefresh) - ? - C:\Program Files\Digidesign\Drivers\MMERefresh.exe -s  (File not found)
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca28ce9bf43f90)" (gupdate1ca28ce9bf43f90) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Notebook Performance Tuning Service " (TempoMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
"O2Micro Flash Memory Card Service" (o2flash) - "O2Micro International" - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
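The OSAM report above and the Avenger script earlier in the thread (which names the driver as ukwbl / ukwbl.sys) turn on the same question: is the flagged driver still registered under HKLM\SYSTEM\CurrentControlSet\Services, and does its file exist? The Python below is an added example, not code from the thread, from OSAM or from Avenger. It parses lines in the format of the posted [Drivers] and [Services] sections and buckets them the way a helper reads such a report: file missing, no vendor information, and names on a suspect list. The sample lines are constructed from the report, and the regular expression and bucketing rules are my assumptions about the format, not an OSAM specification.

```python
"""Triage of OSAM Autorun Manager report lines (added example, not OSAM code).

Assumption (mine, not an OSAM format specification): each entry in the
[Drivers] and [Services] sections has the shape

    "Display name" (ServiceKey) - "Vendor" - C:\\path\\file.sys  (Note)

where the vendor is "?" when the file carries no version information and
the parenthesised note (e.g. "File not found") is optional.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

# Constructed sample in the format of the posted report (a subset of its lines).
SAMPLE_REPORT = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"catchme" (catchme) - ? - C:\Users\Sawdust\AppData\Local\Temp\catchme.sys  (File not found)
"TfFsMon" (TfFsMon) - ? - C:\Windows\System32\drivers\TfFsMon.sys  (File not found)
"TPkd" (TPkd) - "PACE Anti-Piracy, Inc." - C:\Windows\system32\drivers\TPkd.sys

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")
LOCATION_RE = re.compile(r"^-----\(\s*(?P<loc>.*?)\s*\)-----$")
ENTRY_RE = re.compile(
    r'^"(?P<display>[^"]*)"\s+\((?P<key>[^)]*)\)\s+-\s+'   # "Display" (Key) -
    r'(?:"(?P<vendor>[^"]*)"|\?)\s+-\s+'                    # "Vendor" or ? -
    r"(?P<path>.*?)"                                        # path (may contain spaces)
    r"(?:\s{2,}\((?P<note>[^)]*)\))?\s*$"                   # optional "  (Note)"
)


@dataclass
class Entry:
    section: str
    location: str           # registry location printed in the -----( ... )----- line
    display: str
    key: str                # service key name under CurrentControlSet\Services
    vendor: Optional[str]   # None when OSAM printed "?"
    path: str
    note: Optional[str]     # e.g. "File not found", None if absent

    @property
    def file_stem(self) -> str:
        """File name without extension, e.g. 'ukwbl' for ...\\ukwbl.sys."""
        return ntpath.splitext(ntpath.basename(self.path))[0].lower()


def parse_osam(text: str) -> List[Entry]:
    """Parse entries from the [Drivers]/[Services]-style sections of an OSAM report."""
    entries: List[Entry] = []
    section = location = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, location = m.group("name"), ""
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m.group("loc")
            continue
        m = ENTRY_RE.match(line)
        if m:  # lines in other formats (GUID entries, headers) are skipped
            entries.append(Entry(section, location, m.group("display"), m.group("key"),
                                 m.group("vendor"), m.group("path").strip(), m.group("note")))
    return entries


def find_entry(entries: Sequence[Entry], name: str) -> Optional[Entry]:
    """Locate a service by key name or by file stem (case-insensitive); None if unregistered."""
    want = name.lower()
    for e in entries:
        if e.key.lower() == want or e.file_stem == want:
            return e
    return None


def triage(entries: Sequence[Entry], suspects: Sequence[str] = ()) -> Dict[str, List[Entry]]:
    """Bucket entries by what a helper would inspect first.

    missing_file: key still registered but the file is gone (cannot load; noise on its own)
    no_vendor:    file carries no version information, so its origin must be checked by hand
    suspect:      key or file stem matches a name from an AV detection or a removal script
    """
    wanted = {s.lower() for s in suspects}
    buckets: Dict[str, List[Entry]] = {"missing_file": [], "no_vendor": [], "suspect": []}
    for e in entries:
        if e.note and "file not found" in e.note.lower():
            buckets["missing_file"].append(e)
        if e.vendor is None:
            buckets["no_vendor"].append(e)
        if e.key.lower() in wanted or e.file_stem in wanted:
            buckets["suspect"].append(e)
    return buckets


if __name__ == "__main__":
    inventory = parse_osam(SAMPLE_REPORT)
    result = triage(inventory, suspects=["ukwbl"])  # name from the Avira hit / Avenger script
    for bucket, items in result.items():
        print(bucket, [e.key for e in items])
    print("ukwbl registered:", find_entry(inventory, "ukwbl") is not None)
```

A "File not found" entry means the service key outlived its file: the driver cannot load, so the stale key is noise on its own, though it is worth clearing during cleanup. A name that is absent from the inventory and also absent on disk, as ukwbl is in the posted report, is consistent with the STATUS_OBJECT_NAME_NOT_FOUND results in the Avenger log above.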

Sawdust 17.09.2010 09:43

Should I maybe do another Malwarebytes scan? =/

cosinus 17.09.2010 11:09

Please try GMER one last time

Sawdust 17.09.2010 11:35

There was no message that it was finished; it just stopped searching at some point.

This is the log file I saved. I hope it was finished.

GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-17 12:29:03
Windows 6.0.6001 Service Pack 1
Running: 6fnl4tvq.exe; Driver: C:\Users\Sawdust\AppData\Local\Temp\kxtcipog.sys


---- System - GMER 1.0.15 ----

SSDT            9546E8C4                                                                                                                              ZwCreateThread
SSDT            9546E8B0                                                                                                                              ZwOpenProcess
SSDT            9546E8B5                                                                                                                              ZwOpenThread
SSDT            9546E8BF                                                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetTimerEx + 454                                                                                                        82D0AB18 4 Bytes  CALL 6B174063
.text          ntkrnlpa.exe!KeSetTimerEx + 624                                                                                                        82D0ACE8 4 Bytes  CALL 76184233
.text          ntkrnlpa.exe!KeSetTimerEx + 640                                                                                                        82D0AD04 4 Bytes  CALL 7DEE424F
.text          ntkrnlpa.exe!KeSetTimerEx + 854                                                                                                        82D0AF18 4 Bytes  CALL 9A904463
.text          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                                              section is writeable [0x8AD58480, 0x3C939, 0xE8000020]
.dsrt          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                                              unknown last section [0x8AD99900, 0x3CA, 0x48000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                  [738588B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                    [738998A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                [7385B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                          [7384FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                    [73857A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                [7384EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                    [7388B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                        [7385BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                [7385074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                [738506B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                  [738471B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                          [738DD848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                            [73877379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                [7384E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                          [7384697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                        [738469A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                            [73852465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2456] @ C:\Windows\system32\NETAPI32.dll [PSAPI.DLL!GetModuleBaseNameW]  [75A9159E] C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:504]                                                                                                                        9071B256
Thread          System [4:516]                                                                                                                        9071BB26
Thread          System [4:520]                                                                                                                        9071BB26
Thread          System [4:524]                                                                                                                        9071BB26
Thread          System [4:528]                                                                                                                        9071BB26
Thread          System [4:532]                                                                                                                        9071BB26
Thread          System [4:536]                                                                                                                        9071BB26
Thread          System [4:540]                                                                                                                        9071B684
Thread          System [4:544]                                                                                                                        9071B684
Thread          System [4:548]                                                                                                                        9071B684
Thread          System [4:552]                                                                                                                        9071B684
Thread          System [4:556]                                                                                                                        9071B684
Thread          System [4:560]                                                                                                                        9071B96A
Thread          System [4:564]                                                                                                                        9071B96A
Thread          System [4:568]                                                                                                                        9071B96A
Thread          System [4:572]                                                                                                                        9071B96A
Thread          System [4:576]                                                                                                                        9071B96A
Thread          System [4:580]                                                                                                                        9071CAA2
Thread          System [4:584]                                                                                                                        9071CB6A
Thread          System [4:588]                                                                                                                        907296C4
Thread          System [4:592]                                                                                                                        9071B256
Thread          System [4:596]                                                                                                                        9071B256
Thread          System [4:600]                                                                                                                        9071B256
Thread          System [4:604]                                                                                                                        90745BC6
Thread          System [4:608]                                                                                                                        907461E4
Thread          System [4:612]                                                                                                                        9074C298
Thread          System [4:616]                                                                                                                        9074C344
Thread          System [4:620]                                                                                                                        9074C3EE
Thread          System [4:3420]                                                                                                                        90719386
Thread          System [4:3704]                                                                                                                        9070554A
Thread          System [4:3668]                                                                                                                        9070557E

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0xF0 0x09 0x9F 0xC1 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0x5F 0xA7 0xA7 0x25 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                  0xEF 0xEB 0x85 0xE7 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                    0xF0 0x09 0x9F 0xC1 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                         
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0x5F 0xA7 0xA7 0x25 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                      0xEF 0xEB 0x85 0xE7 ...
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures@Google Software Updater.job.fp              -1758343916

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                  sector 01: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 02: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 03: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 04: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 05: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 06: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 07: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 08: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 09: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 10: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 11: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 12: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 13: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 14: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 15: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 16: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 17: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 18: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 19: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 20: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 21: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 22: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 23: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 24: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 25: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 26: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 27: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 28: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 29: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 30: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 31: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 32: rootkit-like behavior; copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 33: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 34: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 35: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 36: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 37: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 38: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 39: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 40: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 41: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 42: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 43: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 44: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 45: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 46: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 47: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 48: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 49: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 50: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 51: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 52: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 53: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 54: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 55: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 56: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 57: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 58: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 59: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 60: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 61: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 62: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                                  sector 63: copy of MBR

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus 17.09.2010 13:33

Ok. That's a bit better than before.
Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

Sawdust 18.09.2010 20:58

I have to thank you again for your help, this forum is really amazing! :) There will be another donation coming out of this! :)

Here is the MBR check

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: PORTEGE M800
Logical Drives Mask: 0x00000034

Kernel Drivers (total 173):
0x82C05000 \SystemRoot\system32\ntkrnlpa.exe
0x82FBE000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046F000 \SystemRoot\system32\PSHED.dll
0x80480000 \SystemRoot\system32\BOOTVID.dll
0x80488000 \SystemRoot\system32\CLFS.SYS
0x804C9000 \SystemRoot\system32\CI.dll
0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80698000 \SystemRoot\system32\drivers\acpi.sys
0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EF000 \SystemRoot\system32\drivers\pci.sys
0x80716000 \SystemRoot\System32\drivers\partmgr.sys
0x80725000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80728000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80732000 \SystemRoot\system32\drivers\volmgr.sys
0x80741000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8079B000 \SystemRoot\system32\DRIVERS\pciide.sys
0x807A2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8320A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x832D8000 \SystemRoot\system32\drivers\atapi.sys
0x832E0000 \SystemRoot\system32\drivers\ataport.SYS
0x832FE000 \SystemRoot\system32\drivers\msahci.sys
0x83308000 \SystemRoot\system32\drivers\fltmgr.sys
0x8333A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8334A000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x83353000 \SystemRoot\System32\Drivers\TPkd.sys
0x83371000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AA03000 \SystemRoot\system32\drivers\ndis.sys
0x8AB0E000 \SystemRoot\system32\drivers\msrpc.sys
0x8AB39000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AC01000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AD10000 \SystemRoot\system32\drivers\volsnap.sys
0x8AD49000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8AD4E000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x8AD91000 \SystemRoot\System32\Drivers\spldr.sys
0x8AD99000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x8ADAF000 \SystemRoot\System32\Drivers\mup.sys
0x8ADBE000 \SystemRoot\System32\drivers\ecache.sys
0x8ADE5000 \SystemRoot\system32\drivers\disk.sys
0x8AB73000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ADF6000 \SystemRoot\system32\drivers\crcdisk.sys
0x8E6CE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E6D9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E6E2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E801000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EEE5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EF84000 \SystemRoot\System32\drivers\watchdog.sys
0x8EF91000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EF9C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EFDA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EFE9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E6EB000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8F00A000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F391000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F3A1000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F3AF000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8F3C9000 \SystemRoot\system32\DRIVERS\o2media.sys
0x8F3D5000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8E73A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E74D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E758000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F3FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E787000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F000000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8E792000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F004000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E7AA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EFFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F3FD000 \SystemRoot\system32\DRIVERS\tosrfec.sys
0x8E7B9000 \SystemRoot\system32\DRIVERS\avmaura.sys
0x8E7D2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E7DD000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x8ABA1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x807B0000 \SystemRoot\system32\DRIVERS\storport.sys
0x8ABCF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E7ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x805A9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8ABE6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x833E2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x805CC000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F60A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8F693000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F6A3000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F6A5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F6CF000 \SystemRoot\system32\DRIVERS\QIOMem.sys
0x8F6D8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F6E2000 \SystemRoot\system32\DRIVERS\cledx.sys
0x8F6F0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F6FD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F731000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x8F73C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F74D000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8F780000 \SystemRoot\system32\drivers\portcls.sys
0x8F7AD000 \SystemRoot\system32\drivers\drmk.sys
0x8F80F000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F84D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FA0B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FAC0000 \SystemRoot\system32\drivers\modem.sys
0x8FACD000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8FAEE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FAF7000 \SystemRoot\System32\Drivers\Null.SYS
0x8FAFE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FB0E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FB15000 \SystemRoot\System32\drivers\vga.sys
0x8FB21000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FB42000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FB4A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FB52000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FB5D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FB6B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9080B000 \SystemRoot\System32\drivers\tcpip.sys
0x908F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x9090F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90925000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9093C000 \SystemRoot\system32\DRIVERS\smb.sys
0x90950000 \SystemRoot\system32\drivers\afd.sys
0x90998000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0x909A1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x909D3000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8FB74000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FB8A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FB98000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x909F4000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FBAB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90800000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F950000 \SystemRoot\system32\drivers\csc.sys
0x8FBE7000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F9AA000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x909FA000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F9C6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E600000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9AE90000 \SystemRoot\System32\win32k.sys
0x8FA00000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F9D3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B0B0000 \SystemRoot\System32\TSDDD.dll
0x9B0D0000 \SystemRoot\System32\cdd.dll
0x8F9E2000 \SystemRoot\system32\drivers\luafv.sys
0x8F7D2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xADE0B000 \SystemRoot\system32\drivers\spsys.sys
0xADEBA000 \SystemRoot\system32\DRIVERS\diginet.sys
0xADEC2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xADED2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xADEFC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xADF06000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xADF19000 \SystemRoot\system32\drivers\HTTP.sys
0xADF86000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xADFA3000 \SystemRoot\system32\DRIVERS\bowser.sys
0xADFBC000 \SystemRoot\System32\drivers\mpsdrv.sys
0xADFD1000 \SystemRoot\system32\drivers\mrxdav.sys
0x805E1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB0200000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB0239000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB0251000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB0278000 \SystemRoot\System32\DRIVERS\srv.sys
0xB02C6000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB02CA000 \SystemRoot\system32\drivers\peauth.sys
0xB03A8000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB03B2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB03BE000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB03C6000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB9A05000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9A3D000 \SystemRoot\System32\Drivers\fastfat.SYS
0xB9AA2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xB9B7E000 \SystemRoot\system32\DRIVERS\tosrfusb.sys
0xB9B89000 \SystemRoot\system32\DRIVERS\tosrfbd.sys
0xB9BAA000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys
0xB9BBD000 \SystemRoot\System32\Drivers\tosrfbnp.sys
0xB9BC6000 \SystemRoot\system32\DRIVERS\tosrfnds.sys
0x77510000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
608 csrss.exe
652 csrss.exe
660 C:\Windows\System32\wininit.exe
696 C:\Windows\System32\services.exe
712 C:\Windows\System32\lsass.exe
720 C:\Windows\System32\lsm.exe
836 C:\Windows\System32\winlogon.exe
968 C:\Windows\System32\svchost.exe
1036 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1080 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\audiodg.exe
1408 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\SLsvc.exe
1584 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\svchost.exe
1848 C:\Windows\System32\spoolsv.exe
1892 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1952 C:\Windows\System32\svchost.exe
2028 C:\Windows\System32\dwm.exe
488 C:\Windows\explorer.exe
740 C:\Windows\System32\taskeng.exe
1576 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
412 C:\Windows\System32\igfxpers.exe
2052 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2084 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
2112 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
2136 C:\Windows\System32\hkcmd.exe
2164 C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
2176 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
2188 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2220 C:\Program Files\iTunes\iTunesHelper.exe
2256 C:\Program Files\Java\jre6\bin\jusched.exe
2292 C:\Windows\System32\igfxsrvc.exe
2312 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2504 C:\Program Files\CDBurnerXP\NMSAccessU.exe
2516 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
2604 C:\Windows\System32\svchost.exe
2628 C:\Windows\System32\svchost.exe
2672 C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
2796 C:\Windows\WindowsMobile\wmdSync.exe
2892 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
2908 C:\Windows\System32\TODDSrv.exe
2972 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2996 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
3076 C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
3108 C:\Windows\System32\svchost.exe
3136 C:\Windows\System32\SearchIndexer.exe
3168 C:\Windows\System32\drivers\XAudio.exe
3336 C:\Program Files\Skype\Phone\Skype.exe
3416 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
3476 C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
3484 C:\Program Files\PreSonus\1394AudioDriver_FP10\FP10.exe
3776 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
3968 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
3980 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
4004 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
1884 C:\Windows\System32\igfxext.exe
3096 C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
3600 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2772 C:\Windows\System32\svchost.exe
2124 C:\Program Files\iPod\bin\iPodService.exe
1180 C:\Windows\System32\alg.exe
3640 C:\Windows\System32\wuauclt.exe
2640 C:\Program Files\Windows Media Player\wmpnscfg.exe
4100 C:\Program Files\Windows Media Player\wmpnetwk.exe
5816 C:\Program Files\Opera\opera.exe
5112 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
5348 C:\Windows\System32\taskeng.exe
1608 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
4984 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
5368 C:\Windows\System32\SearchProtocolHost.exe
5576 C:\Windows\System32\SearchFilterHost.exe
4632 C:\Users\Sawdust\Desktop\MBRCheck.exe
548 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`07e00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV010M

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
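As an added example, not part of the thread and not MBRCheck's own code: a small Python parser for the report format posted above, which extracts the volume-to-drive mapping, the drive model, the MBR status row and its SHA1, and flags any drive whose status is not a stock-Windows verdict. The pattern "Windows ... MBR code detected" as the only benign verdict, and the "Unknown MBR code" status used in the tampered sample, are assumptions; only the "Windows 2008" line appears on the page.

```python
"""Parse an MBRCheck 1.2.3 report and flag drives whose MBR code is not
recognised as stock Windows boot code.

Added example for this thread; the parsing rules are inferred from the
report layout posted above, not taken from MBRCheck itself.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumption: every benign verdict MBRCheck prints has this shape; the page
# only shows "Windows 2008 MBR code detected".
STATUS_OK = re.compile(r"^Windows .+ MBR code detected$")

_VOLUME = re.compile(
    r"^\\\\\.\\([A-Z]): --> \\\\\.\\(PhysicalDrive\d+) at offset (0x[0-9A-Fa-f`]+) \((\w+)\)$"
)
_MODEL = re.compile(r"^(PhysicalDrive\d+) Model Number: (.+?), Rev: (\S+)$")
_ROW = re.compile(r"^(\d+ [KMGT]B) \\\\\.\\(PhysicalDrive\d+) (.+)$")
_SHA1 = re.compile(r"^SHA1: ([0-9A-Fa-f]{40})$")


@dataclass
class Drive:
    name: str
    size: str = ""
    model: str = ""
    revision: str = ""
    status: str = ""
    sha1: str = ""
    # (drive letter, partition offset in bytes, file system)
    volumes: List[Tuple[str, int, str]] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        """True when the MBR status is a stock-Windows verdict."""
        return bool(STATUS_OK.match(self.status))


def parse_mbrcheck(report: str) -> Dict[str, Drive]:
    """Return the physical drives described in an MBRCheck report."""
    drives: Dict[str, Drive] = {}
    last: Optional[Drive] = None  # row waiting for its SHA1 line

    def drive(name: str) -> Drive:
        return drives.setdefault(name, Drive(name))

    for raw in report.splitlines():
        line = raw.strip()
        if m := _VOLUME.match(line):
            letter, name, offset, fs = m.groups()
            # MBRCheck writes 64-bit offsets WinDbg-style: high`low
            drive(name).volumes.append((letter, int(offset.replace("`", ""), 16), fs))
        elif m := _MODEL.match(line):
            d = drive(m.group(1))
            d.model, d.revision = m.group(2), m.group(3)
        elif m := _ROW.match(line):
            last = drive(m.group(2))
            last.size, last.status = m.group(1), m.group(3)
        elif (m := _SHA1.match(line)) and last is not None:
            last.sha1 = m.group(1).upper()
            last = None
    return drives


def suspicious_drives(report: str) -> List[str]:
    """Names of drives whose MBR status is not a stock-Windows verdict."""
    return [d.name for d in parse_mbrcheck(report).values() if not d.ok]


# Sample input: a trimmed copy of the report posted above (kernel driver and
# process lists removed, since they play no part in the MBR verdict).
SAMPLE_REPORT = r"""MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
System Product Name: PORTEGE M800

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`07e00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV010M

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
"""

# Constructed variant: same report with a non-Windows status string, to show
# the flagging path. The exact wording is an assumption.
TAMPERED_REPORT = SAMPLE_REPORT.replace(
    "Windows 2008 MBR code detected", "Unknown MBR code"
)

if __name__ == "__main__":
    for name, d in parse_mbrcheck(SAMPLE_REPORT).items():
        print(name, d.model, d.status, d.sha1, "OK" if d.ok else "CHECK")
    print("suspicious:", suspicious_drives(TAMPERED_REPORT))
```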

cosinus 19.09.2010 17:16

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Sawdust 20.09.2010 18:46

All clean!! :) :) :)

I thank you from the bottom of my heart! This forum deserves more than one donation! Really great!!

cosinus 20.09.2010 18:55

Then we're done! :abklatsch:

Finally, please check your updates; my guide on that is below.
For even more security you should also change all your passwords, if at all possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


PDF reader update
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are GMT +1.

Copyright ©2000-2025, Trojaner-Board


