| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: bak.exe (mit autorun problem)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.05.2010, 21:39
| #1 |
| |  bak.exe (mit autorun problem) hi Leute hatte/habe das gleiche problem hab (http://www.trojaner-board.de/81685-b...usb-stick.html) zusätzlich noch in der REGESTRY nach "bak" gesucht und 3 einträge gefunden und gelöscht, jetzt werden meine externen lauferke wieder normal angezeigt und besitzen keinen autorun mehr. was sthet da im log file genau? was könnnt ihr damit anfangen? Dankeschön im Vorinhein! mein logfile, seht ihr was was da nicht hingehört? hab gelesen man kann das dann mit dem hijackthis.exe programm rauslöschen Code:
ATTFilter Logfile of random's system information tool 1.07 (written by random/random) Run by Hansi at 2010-05-26 23:03:28 Microsoft Windows XP Professional Service Pack 2 System drive C: has 2 GB (6%) free of 25 GB Total RAM: 3070 MB (74% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:03:31, on 26.05.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\ehtray.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programme\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe C:\Programme\Synaptics\SynTP\Toshiba.exe C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Programme\TOSHIBA\Tvs\TvsTray.exe C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\Winamp\winampa.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\pdfforge Toolbar\SearchSettings.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Microsoft ActiveSync\Wcescomm.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\ICQ6.5\ICQ.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Dokumente und Einstellungen\Hansi\Desktop\Neuer Ordner\RSIT.exe C:\Programme\trend micro\Hansi.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://www.google.de/ R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate1c9b5f4bf60f07e) (gupdate1c9b5f4bf60f07e) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12158 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\Install_NSS.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}] dsWebAllowBHO Class - C:\Programme\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-05 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] pdfforge Toolbar - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-12-30 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] C:\Programme\pdfforge Toolbar\SearchSettings.dll [2009-07-29 1153024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-30 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] DVDVideoSoft Toolbar - C:\Programme\DVDVideoSoft\tbDVDV.dll [2009-11-09 2331672] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512] "ATICCC"=C:\Programme\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-10 15691264] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203] "THotkey"=C:\Programme\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256] "TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240] "NDSTray.exe"=NDSTray.exe [] "SmoothView"=C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe [2005-05-13 118784] "TFncKy"=TFncKy.exe [] "Tvs"=C:\Programme\TOSHIBA\Tvs\TvsTray.exe [2006-02-02 73728] "IntelZeroConfig"=C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718] "IntelWireless"=C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182] "ZoneAlarm Client"=C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "WinampAgent"=C:\Programme\Winamp\winampa.exe [2009-02-25 37888] "TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-04-05 198160] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "SearchSettings"=C:\Programme\pdfforge Toolbar\SearchSettings.exe [2009-07-29 1024512] "QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-10-28 141600] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "VirtualCloneDrive"=C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360] "TOSCDSPD"=C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-12 65536] "Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-03-11 24095528] "H/PC Connection Agent"=C:\Programme\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000] "msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] "ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-11-16 172792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Hansi^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Windows-Desktopsuche.lnk - C:\Programme\Windows Desktop Search\WindowsSearch.exe C:\Dokumente und Einstellungen\Hansi\Startmenü\Programme\Autostart RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-03-22 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDriveAutorun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Programme\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2" "C:\Programme\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Programme\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate" "C:\Programme\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Programme\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx" "C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f871c9-09d6-11df-bc66-00a0d14a5f8f}] shell\Auto\command - G:\setup.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a66683d1-2682-11de-8a73-00a0d14a5f8f}] shell\AutoRun\command - G:\tmp/bak.exe shell\explore\command - G:\tmp/bak.exe shell\open\command - G:\tmp/bak.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e21e1bbf-5b40-11df-b21a-00a0d14a5f8f}] shell\AutoRun\command - K:\tmp/bak.exe shell\explore\command - K:\tmp/bak.exe shell\open\command - K:\tmp/bak.exe ======List of files/folders created in the last 1 months====== 2010-05-26 23:00:44 ----A---- C:\dirdat.txt 2010-05-26 22:57:39 ----D---- C:\Programme\CleanUp! 2010-05-26 22:31:53 ----D---- C:\rsit 2010-05-26 22:31:53 ----D---- C:\Programme\trend micro 2010-05-26 20:03:54 ----D---- C:\Dokumente und Einstellungen\Hansi\Anwendungsdaten\Malwarebytes 2010-05-26 20:03:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-05-26 20:03:44 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-05-26 19:53:02 ----D---- C:\Programme\CCleaner 2010-05-25 22:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$ 2010-05-17 20:03:56 ----D---- C:\Dokumente und Einstellungen\Hansi\Anwendungsdaten\U3 2010-05-15 22:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$ 2010-05-07 19:39:54 ----D---- C:\Dokumente und Einstellungen\Hansi\Anwendungsdaten\AUTOSICH ======List of files/folders modified in the last 1 months====== 2010-05-26 23:00:45 ----D---- C:\WINDOWS\Prefetch 2010-05-26 22:57:39 ----D---- C:\Programme 2010-05-26 22:51:59 ----D---- C:\Dokumente und Einstellungen\Hansi\Anwendungsdaten\Skype 2010-05-26 22:31:44 ----D---- C:\WINDOWS\Internet Logs 2010-05-26 22:16:02 ----D---- C:\WINDOWS 2010-05-26 22:15:52 ----D---- C:\WINDOWS\system32\Lang 2010-05-26 22:14:38 ----D---- C:\WINDOWS\Temp 2010-05-26 22:14:15 ----D---- C:\WINDOWS\Registration 2010-05-26 22:12:39 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-26 22:11:48 ----D---- C:\WINDOWS\system32\drivers 2010-05-26 22:10:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-26 22:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB899337$ 2010-05-26 20:01:26 ----D---- C:\WINDOWS\Minidump 2010-05-26 20:01:26 ----D---- C:\WINDOWS\Debug 2010-05-26 19:52:40 ----SHD---- C:\RECYCLER 2010-05-26 19:34:36 ----D---- C:\Dokumente und Einstellungen\Hansi\Anwendungsdaten\ICQ 2010-05-25 22:04:48 ----HD---- C:\WINDOWS\inf 2010-05-25 22:04:43 ----D---- C:\WINDOWS\system32 2010-05-24 22:27:30 ----D---- C:\Dokumente und Einstellungen\Hansi\Anwendungsdaten\Winamp 2010-05-24 21:32:32 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-21 20:00:24 ----D---- C:\Programme\JDownloader 2010-05-15 22:46:49 ----SHD---- C:\WINDOWS\Installer 2010-05-15 22:46:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-05-15 22:46:08 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-05-15 22:46:07 ----D---- C:\Programme\Outlook Express 2010-05-14 09:59:40 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-07-08 96104] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 40192] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-08 28520] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-29 21275] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-08 55640] R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032] R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-22 1522688] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080] R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-11 163328] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-10 4123136] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 191968] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560] R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144] R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696] R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040] S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [] S3 BRIDGE;MAC-Brücke; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-10 71552] S3 BridgeMP;MAC-Brückenminiport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-10 71552] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024] S3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-04 38016] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944] S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704] S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936] S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820] S3 MHNDRV;MHN-Treiber; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-01 3643296] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-05-03 47360] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648] S3 rt2870;TP-LINK TL-WN727N Wireless Lite-N USB Adapter; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-11-26 650624] S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-10 11136] S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240] S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-01-29 16896] S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936] S3 US122;US122 Driver; C:\WINDOWS\System32\Drivers\US122.sys [2004-07-30 217472] S3 US122DL;US122 Firmware Downloader; C:\WINDOWS\System32\Drivers\US122DL.sys [2004-07-30 17277] S3 Us122WdmService;US122 Wdm Audio; C:\WINDOWS\System32\Drivers\US122Wdm.sys [2004-07-30 86648] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936] S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-07-08 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-08 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-22 405504] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336] R2 CFSvcs;ConfigFree Service; C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-09 237568] R2 ehSched;Media Center-Planerdienst; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753] R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-12-30 153376] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164] R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745] R2 TAPPSRV;TOSHIBA Application Service; C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304] R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-10-28 545568] S2 gupdate1c9b5f4bf60f07e;Google Update Service (gupdate1c9b5f4bf60f07e); C:\Programme\Google\Update\GoogleUpdate.exe [2009-04-05 133104] S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-01 143428] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Geändert von DJIC (26.05.2010 um 22:05 Uhr) |
|
27.05.2010, 20:13
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | bak.exe (mit autorun problem) Hallo und
__________________ Du solltest das Übel an der Wurzel bekämpfen und Programme garnicht mehr automatisch starten lassen, wenn ein Stick eingelegt wurde!! Um autorun zu deaktivieren hab ich mal die noautoplay.reg hochgeladen. Lad das mal auf dem Desktop herunter, führ die Datei aus und bestätige mit ja. Nach einem Neustart des Rechners ist der Autostart auf allen Laufwerken deaktiviert, d.h. keine CD, kein Stick oder sonstwas startet nach dem Einstecken mehr automatisch. Steck danach den Stick mal an und mach einen Vollscan mit Malwarebytes über alle Platten und natürlich diesem USB-Stick.
__________________ |
|
28.05.2010, 09:34
| #3 |
| | bak.exe (mit autorun problem) Hallo, dankeschön für die prompte Antwort, hab mich zu früh gefreut, bekomm ihn einfach nicht weg! Wir haben ihn bei uns in der firma und auch auf unsere maschinen.....keine ahnung was ich machen soll....irgendwas überseh ich in der Registry....weiß wär was das für trojaner oder wurm ist ...bak.exe wird im autorun ausgeführt!?
__________________ |
|
28.05.2010, 14:36
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | bak.exe (mit autorun problem) Hast Du meinen Beitrag gelesen? 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu bak.exe (mit autorun problem) |
| 32 bit, avgntflt.sys, browseui preloader, diagnostics, fontcache, gupdate, hkus\s-1-5-18, liveupdate.exe, media center, pdfforge toolbar, plug-in, shell32.dll, staropen |
Linear-Darstellung
