Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Und nochjemand mit Rootkit RKIT/Agent.biiu :(

Und nochjemand mit Rootkit RKIT/Agent.biiu :(


Plagegeister aller Art und deren Bekämpfung: Und nochjemand mit Rootkit RKIT/Agent.biiu :(

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 12.09.2010, 17:35   #1
Sawdust
 
Und nochjemand mit Rootkit RKIT/Agent.biiu :( - Standard

Und nochjemand mit Rootkit RKIT/Agent.biiu :(


Hey,

seit einem gestrigen Neustart zeigt mein Windows Vista System die ein oder andere komische Treiber Fehlermeldung beim hochfahren. Meine Firewire Audiogeräte funktionieren nicht mehr wie sie sollen. Ein Suchlauf mit Antivir brachte folgendes Ergebnis:

Die Datei 'C:\Windows\System32\drivers\ukwbl.sys'
enthielt einen Virus oder unerwünschtes Programm 'RKIT/Agent.biiu' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Fehler in der ARK Library.
Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden.Mögliche Ursache: Ein an das System angeschlossenes Gerät funktioniert nicht.
.

Folgende Logfiles:

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.09.2010 17:38:58 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Sawdust\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 3,46 Gb Free Space | 2,30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 145,97 Gb Total Space | 19,80 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAWDUSTMOBIL
Current User Name: Sawdust
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.09.12 17:32:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
PRC - [2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
PRC - [2010.08.09 15:27:06 | 000,836,464 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2010.04.29 12:19:18 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.12.10 12:55:15 | 000,470,785 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ6.5\ICQ.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.05.19 23:53:03 | 000,207,360 | ---- | M] (AVM Berlin) -- C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.0 5Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0 001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.04.26 15:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.22 11:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008.04.18 19:27:52 | 000,316,744 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2008.04.18 19:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008.04.17 10:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.e xe
PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008.04.16 16:43:32 | 002,577,736 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008.04.14 23:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.03.31 19:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008.01.21 04:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008.01.09 10:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.10.10 17:36:42 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Programme\PreSonus\1394AudioDriver_FP10\FP10.ex e
PRC - [2007.10.10 17:28:48 | 001,126,400 | ---- | M] (PreSonus Audio Electronics) -- C:\Programme\PreSonus\1394AudioDriver_FirePod\Fire Pod.exe
PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
MOD - [2010.09.11 17:24:52 | 000,046,592 | -H-- | M] () -- C:\Windows\System32\Complder.dll
MOD - [2008.01.21 04:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:24:11 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdb aa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0867D.tmp -- (yjboizih)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0BF19.tmp -- (vhvumskf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\08803.tmp -- (tmybvqlj)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\09819.tmp -- (luiznhmes)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0273E.tmp -- (kavdhnkn)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys -- (EraserUtilDrv10920)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\emusba10.sys -- (emusba10)
DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.12.10 12:55:15 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.19 23:52:54 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.23 23:35:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2008.12.04 03:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.09.08 13:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008.07.18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.06.20 06:37:06 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.06.12 12:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.23 17:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.15 04:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.04.04 11:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008.03.25 13:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 11:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.04 19:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.01.22 20:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.29 18:58:56 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.11.29 09:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.18 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.09 17:32:24 | 000,123,440 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pae_1394.sys -- (pae_1394)
DRV - [2007.10.09 17:32:24 | 000,051,248 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pae_avs.sys -- (pae_avs)
DRV - [2007.10.02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.08.29 15:50:46 | 000,039,296 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224Wdm.sys -- (Us224WdmService)
DRV - [2007.08.29 15:50:34 | 000,018,176 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224DL.sys -- (US224DL)
DRV - [2007.08.29 15:50:02 | 000,150,272 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US224.sys -- (US224)
DRV - [2007.08.07 06:26:14 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.08.02 09:52:50 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.08.02 09:51:18 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.08.02 09:51:08 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.04.09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005.01.07 05:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...TSEA&bmod=TSEA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdom...SEA&bmod=TSEA;
IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdom...SEA&bmod=TSEA;
IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3003140569-26490700-2488630799-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204 .1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe File not found
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [AVMUSBFernanschluss] C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.0 5Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0 001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3003140569-26490700-2488630799-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\monmvr32.exe (SecureNet)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d301273-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell - "" = AutoRun
O33 - MountPoints2\{4d3012d1-5ea3-11df-a797-00037a9b6493}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\AutoRun\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{8ec359b1-5112-11df-8fbd-00037a9b6493}\Shell\open\command - "" = GORDANA/lakicka.exe
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0f48e4-304e-11de-81c3-00238b42cebd}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: icachone - (C:\Windows\system32\Complder.dll) - C:\Windows\System32\Complder.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.09.12 17:32:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
[2010.09.12 17:23:01 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\Malwarebytes
[2010.09.12 17:22:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.12 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.12 17:22:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.12 17:22:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.12 17:18:23 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
[2010.09.12 17:15:28 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sawdust\Desktop\mbam-setup.exe
[2010.09.09 19:59:40 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\INRES.DLL
[2010.09.09 19:59:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
[2010.09.01 11:48:31 | 000,000,000 | ---D | C] -- C:\Programme\TransMac
[2010.09.01 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\tranmak_7.5
[2010.08.26 11:12:37 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\Trillium Lane
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Roaming\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\AppData\Local\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PACE Anti-Piracy
[2010.08.26 11:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010.08.26 10:49:15 | 000,000,000 | ---D | C] -- C:\Programme\InterLok
[2010.08.26 10:43:40 | 000,630,784 | ---- | C] (PACE Anti-Piracy) -- C:\Windows\System32\ilinet.dll
[2010.08.26 10:43:37 | 000,097,808 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\System32\drivers\Dalwdm.sys
[2010.08.26 10:43:37 | 000,016,400 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Windows\System32\drivers\diginet.sys
[2010.08.17 14:39:17 | 000,000,000 | ---D | C] -- C:\Users\Sawdust\Desktop\RPA3
[2010.08.17 11:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Syncrosoft
[2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System32\RCCOLLAB.DLL

========== Files - Modified Within 90 Days ==========

[2010.09.12 17:39:39 | 000,585,504 | ---- | M] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.12 17:39:34 | 002,883,584 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT
[2010.09.12 17:32:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sawdust\Desktop\HiJackThis204.exe
[2010.09.12 17:30:59 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.09.12 17:22:57 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 17:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sawdust\Desktop\OTL.exe
[2010.09.12 17:15:54 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sawdust\Desktop\mbam-setup.exe
[2010.09.12 17:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.12 16:54:46 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.12 16:50:47 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.12 16:50:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 16:50:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 16:50:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.12 16:50:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.12 16:50:22 | 3079,532,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.12 16:49:01 | 000,524,288 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regt rans-ms
[2010.09.12 16:49:01 | 000,065,536 | -HS- | M] () -- C:\Users\Sawdust\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.09.12 16:49:00 | 006,291,456 | -H-- | M] () -- C:\Users\Sawdust\AppData\Local\IconCache.db
[2010.09.11 22:01:18 | 000,000,008 | ---- | M] () -- C:\Windows\System32\mssrv32.vxd
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei4
[2010.09.11 22:00:42 | 000,000,471 | ---- | M] () -- C:\Windows\System32\Datei2
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei3
[2010.09.11 22:00:42 | 000,000,470 | ---- | M] () -- C:\Windows\System32\Datei1
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei7
[2010.09.11 22:00:42 | 000,000,469 | ---- | M] () -- C:\Windows\System32\Datei5
[2010.09.11 22:00:42 | 000,000,468 | ---- | M] () -- C:\Windows\System32\Datei0
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei9
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei8
[2010.09.11 22:00:42 | 000,000,467 | ---- | M] () -- C:\Windows\System32\Datei10
[2010.09.11 22:00:42 | 000,000,465 | ---- | M] () -- C:\Windows\System32\Datei6
[2010.09.11 17:24:52 | 000,046,592 | -H-- | M] () -- C:\Windows\System32\Complder.dll
[2010.09.11 17:24:49 | 000,000,024 | ---- | M] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
[2010.09.11 17:23:58 | 000,000,004 | ---- | M] () -- C:\Users\Sawdust\AppData\Roaming\avdrn.dat
[2010.09.09 19:59:08 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.09 19:59:07 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.09 19:59:07 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.09 19:59:07 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.09 19:59:07 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.06 21:56:24 | 312,018,752 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.06 17:51:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_0 0_00.Wdf
[2010.09.01 11:48:32 | 000,000,809 | ---- | M] () -- C:\Users\Sawdust\Desktop\TransMac.lnk
[2010.09.01 11:47:07 | 001,873,596 | ---- | M] () -- C:\Users\Sawdust\Desktop\tranmak_7.5.rar
[2010.08.26 11:35:26 | 000,101,064 | ---- | M] () -- C:\Users\Sawdust\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.26 11:34:11 | 000,376,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.23 15:55:07 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2010.08.20 17:40:59 | 000,000,032 | ---- | M] () -- C:\Windows\msocreg32.dat
[2010.08.01 21:48:17 | 000,000,013 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010.07.28 23:58:29 | 000,077,312 | ---- | M] () -- C:\Users\Sawdust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010.09.12 17:22:57 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 17:25:36 | 000,585,504 | ---- | C] () -- C:\Windows\System32\drivers\ukwbl.sys
[2010.09.11 17:24:52 | 000,046,592 | -H-- | C] () -- C:\Windows\System32\Complder.dll
[2010.09.11 17:24:34 | 000,000,024 | ---- | C] () -- C:\Users\Sawdust\AppData\Roaming\apiqfw.dat
[2010.09.11 17:23:58 | 000,000,004 | ---- | C] () -- C:\Users\Sawdust\AppData\Roaming\avdrn.dat
[2010.09.06 17:51:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_0 0_00.Wdf
[2010.09.01 11:48:32 | 000,000,809 | ---- | C] () -- C:\Users\Sawdust\Desktop\TransMac.lnk
[2010.09.01 11:47:07 | 001,873,596 | ---- | C] () -- C:\Users\Sawdust\Desktop\tranmak_7.5.rar
[2010.08.26 10:43:38 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009.07.30 14:15:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.30 12:33:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.09 11:28:17 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.11 16:32:08 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.06.01 11:27:50 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2009.05.20 00:17:07 | 000,000,419 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.05.17 14:00:18 | 000,001,356 | ---- | C] () -- C:\Users\Sawdust\AppData\Local\d3d9caps.dat
[2009.05.07 16:38:09 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.05.01 23:10:53 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.01 23:10:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.04.29 13:39:47 | 000,491,520 | ---- | C] () -- C:\Windows\System32\libencdec.dll
[2009.04.23 23:40:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2009.04.23 23:35:26 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.04.23 23:20:16 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009.04.23 23:15:46 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009.04.22 21:56:01 | 000,077,312 | ---- | C] () -- C:\Users\Sawdust\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.26 08:16:28 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.25 23:09:53 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.08.25 23:09:52 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.08.25 23:09:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.08.25 23:09:52 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.25 23:07:26 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.08.25 23:04:38 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.08.25 23:04:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009.10.10 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Antares Design
[2009.04.29 13:39:47 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Audio Ease
[2009.08.12 17:56:44 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Canneverbe_Limite d
[2009.06.01 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Canon
[2009.04.23 23:49:19 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\DAEMON Tools Lite
[2009.05.25 10:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\ePaperPress
[2010.09.11 17:42:05 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\ICQ
[2009.04.22 09:23:33 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Opera
[2010.08.26 11:10:51 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\PACE Anti-Piracy
[2009.07.19 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Propellerhead Software
[2009.04.23 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Steinberg
[2009.05.27 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Toshiba
[2010.08.26 11:12:37 | 000,000,000 | ---D | M] -- C:\Users\Sawdust\AppData\Roaming\Trillium Lane
[2010.09.12 16:49:04 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:94B1D287B21E9A83
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Xí:ˆácpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\,ð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nw²�wNwºÔIvØôVpctlsp.log
@Alternate Data Stream - 1374 bytes -> C:\ProgramData\Microsoft:7EvseLvdLbmzATL9
@Alternate Data Stream - 1360 bytes -> C:\Users\Sawdust\AppData\Local\Temp:5z6STY7n3QGFJS NMD
@Alternate Data Stream - 1292 bytes -> C:\Users\Sawdust\AppData\Local\Temp:v9Sl0NtmUrjY9o GGBo9V
@Alternate Data Stream - 1274 bytes -> C:\Program Files\Common Files\microsoft shared:GpKA9BXuOZ6ZBpA1iHHV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 1232 bytes -> C:\ProgramData\Microsoft:0gUAintNrt3YwSAP8E7w5IMsL Y7
@Alternate Data Stream - 1223 bytes -> C:\ProgramData\Microsoft:7pkwkb2Frp5TvCGDejtV83i5N
@Alternate Data Stream - 1183 bytes -> C:\ProgramData\Microsoft:HOojxnwwQcS8b9ik
@Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft:tBjBEaMwUv9y8pAjOFGPcO7Se iL7
< End of report >
--- --- ---

Hijack This

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:33:19, on 12.09.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\PreSonus\1394AudioDriver_FP10\FP10.exe
C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.0 5Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0 001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\explorer.exe
C:\Program Files\Opera\opera.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\Sawdust\Desktop\OTL.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sawdust\Desktop\HiJackThis204.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AVMUSBFernanschluss] C:\Users\Sawdust\AppData\Local\Apps\2.0\R84O6XE3.0 5Z\DWG4CRRD.CJB\frit..tion_f8d772dfbb3f7453_0002.0 001_0db5bf169ed5c0c1\AVMAutoStart.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: monmvr32.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
O4 - Global Startup: FP10 Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FP10\FP10.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/red...k-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca28ce9bf43f90) (gupdate1ca28ce9bf43f90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10619 bytes
--- --- ---

Und Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4600

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

12.09.2010 17:30:44
mbam-log-2010-09-12 (17-30-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145224
Laufzeit: 6 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\System32\Complder.dll (Trojan.PWS.Gen) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\Complder.dll (Trojan.PWS.Gen) -> No action taken.
C:\Users\Sawdust\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\monmvr32.exe (Trojan.Downloader) -> No action taken.
C:\Windows\system32\Drivers\ukwbl.sys (Rootkit.Bubnix) -> No action taken.
C:\Users\Sawdust\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.





War es das mit meinem System, oder kann man da noch etwas machen? Ich bin auf die Programme des Rechners sehr angewiesen! =( Danke an alle die mir helfen, ich weiss das sehr sehr zu schätzen!

LG

 

Themen zu Und nochjemand mit Rootkit RKIT/Agent.biiu :(
0 bytes, acroiehelper.dll, alternate, antivir, antivir guard, autorun, avgntflt.sys, avira, bho, browser, cdburnerxp, corp./icp, ebay, excel.exe, hijack, hijack this, hijackthis, home, iastor.sys, jusched.exe, local\temp, location, nicht gefunden, nvstor.sys, object, oldtimer, otl logfile, plug-in, programdata, programm, quelldatei, registry, rkit/agent.biiu, rootkit, rundll, saver, senden, service pack 1, software, sptd.sys, start menu, symantec, system, trojan, virus, vista, windows


« AntiVir: TR/Dropper.Gen , TR/Crypt.XDR.Gen | ein plagegeist nach hochfahren des PCs »


Ähnliche Themen: Und nochjemand mit Rootkit RKIT/Agent.biiu :(


  1. rkit/agent.dfjv
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (33)
  2. TR/Agent.AOXU und RKIT/Agent.depg.1
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (3)
  3. RKIT/Agent.AW
    Plagegeister aller Art und deren Bekämpfung - 06.01.2011 (1)
  4. RKIT/Agent.biiu befall
    Plagegeister aller Art und deren Bekämpfung - 12.10.2010 (11)
  5. rkit/Agent.biiu root kit
    Plagegeister aller Art und deren Bekämpfung - 01.10.2010 (28)
  6. RKIT/Agent.biiu - Noch ein betroffener
    Plagegeister aller Art und deren Bekämpfung - 30.09.2010 (46)
  7. RKIT/Agent.biiu entfernt oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 22.09.2010 (1)
  8. Avira meldet RKIT/Agent.biiu befall!
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (27)
  9. RKIT/agent.biiu, TR/agent.ruo, TR/Crypt.ZPACK.Gen alle guten Dinge sind drei hahahaha
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (25)
  10. Rootkit RKIT/Bubnix.S in C:\Windows\System32\drivers\...sys gefunden
    Log-Analyse und Auswertung - 20.05.2010 (3)
  11. Rootkit RKIT/Kryptic.763904 wurde gefunden
    Plagegeister aller Art und deren Bekämpfung - 21.01.2010 (7)
  12. Rootkit RKIT/Kryptic entfernen
    Anleitungen, FAQs & Links - 10.01.2010 (2)
  13. TR/Crypt.XDR.gen, Rootkit.Kobcka.B, Trojan/Win32.Agent, Rootkit-Agent.CW atd.
    Plagegeister aller Art und deren Bekämpfung - 11.04.2009 (1)
  14. Rootkit (RKIT/Agent.483856) in system32
    Plagegeister aller Art und deren Bekämpfung - 10.04.2009 (4)
  15. RKIT/Agent.WK
    Plagegeister aller Art und deren Bekämpfung - 21.02.2008 (1)
  16. Trojaner TR/RKit.Agent.BK
    Log-Analyse und Auswertung - 03.03.2006 (5)
  17. TR/RKit.Agent.Q
    Plagegeister aller Art und deren Bekämpfung - 14.07.2005 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Und nochjemand mit Rootkit RKIT/Agent.biiu :( - Hey, seit einem gestrigen Neustart zeigt mein Windows Vista System die ein oder andere komische Treiber Fehlermeldung beim hochfahren. Meine Firewire Audiogeräte funktionieren nicht mehr wie sie sollen. Ein Suchlauf - Und nochjemand mit Rootkit RKIT/Agent.biiu :(...
Archiv
Du betrachtest: Und nochjemand mit Rootkit RKIT/Agent.biiu :( auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131