Trojaner-Board - Virenscans hängen sich auf, verseuchter PC?

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Virenscans hängen sich auf, verseuchter PC? (https://www.trojaner-board.de/83361-virenscans-haengen-verseuchter-pc.html)

Virenscans hängen sich auf, verseuchter PC?

Hallo!

Vorgestern habe ich mal wieder Antivir durchlaufen lassen, weil man Laptop gerne einfach mal so abgestürzt ist. Dieses hat jedoch nur bis zu, ich glaube 70%, des Systems geschafft und hat sich dann aufhangen, jedoch wurden noch 4 Java-Viren gefunden. Darüber habe ich mich schlau gemacht und diese auch entfernt, natürlich wollte ich jetzt aber nochmal einen kompletten Scan, doch dieser hängte sich wieder auf, Funde gab es zwar keine, aber es wurde ja auch nicht alles durchsucht. Danach habe ich versucht mit Malwarebytes einen Komplettscan zu machen, dieser hat sich aber nach 40 Minuten Laufzeit auch verabschiedet. Der Laptop hängt sich auf, Maus stockt, Strg+Alt+Entf ist auch nicht mehr möglich, mir bleibt immer noch der Aus-Knopf. Danach hat Vista die Festplatte C schon einige Male auf Konsistenz geprüft, jedoch nichts gravierendes angezeigt. Antivir läuft an sich, updatet auch, der Laptop läuft so aktuell auch in Ordnung. Er scheint mir nur langsamer geworden zu sein, wobei dies auch meiner unendlichen Panik liegen kann.

Jedoch konnte ich RSIT benutzen und habe hier auch die Logs:

Code:

Logfile of random's system information tool 1.06 (written by random/random)

Run by *** at 2010-02-27 13:46:55

Microsoft® Windows Vista™ Home Premium  Service Pack 2

System drive C: has 92 GB (77%) free of 119 GB

Total RAM: 2038 MB (64% free)
 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:47:04, on 27.02.2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\***\Downloads\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Merle.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Skytel] Skytel.exe

O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O13 - Gopher Prefix: 

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
 

--

End of file - 6485 bytes
 

======Scheduled tasks folder======
 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}]

Softonic Deutsch FF Toolbar - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll [2009-11-09 2331672]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{9d81af43-de53-48d0-a199-42c2a226b24c} - Softonic Deutsch FF Toolbar - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll [2009-11-09 2331672]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-18 7737344]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-31 4702208]

"Skytel"=C:\Windows\Skytel.exe [2007-10-11 1826816]

"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]

"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-18 2289664]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-06-23 434176]

"ICQ"=D:\Program Files\ICQ7.0\ICQ.exe [2010-02-11 133368]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-02-26 210432]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1143a93e-285a-11de-843a-002215568405}]

shell\1\command - F:\.\recycled\info.exe

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd8f27dd-2acc-11de-aded-002215568405}]

shell\1\command - F:\.\recycled\info.exe

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\recycled\info.exe
 
 

======List of files/folders created in the last 1 months======
 

2010-02-27 13:46:55 ----D---- C:\rsit

2010-02-27 13:00:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-02-27 12:54:18 ----D---- C:\Program Files\CCleaner

2010-02-27 12:42:15 ----D---- C:\Program Files\Trend Micro

2010-02-26 00:02:48 ----D---- C:\Program Files\ESET

2010-02-25 22:24:51 ----D---- C:\Users\Merle\AppData\Roaming\Malwarebytes

2010-02-25 22:24:42 ----D---- C:\ProgramData\Malwarebytes

2010-02-25 00:28:59 ----A---- C:\Windows\system32\tzres.dll

2010-02-25 00:28:02 ----A---- C:\Windows\system32\secproc_isv.dll

2010-02-25 00:28:02 ----A---- C:\Windows\system32\secproc.dll

2010-02-25 00:28:00 ----A---- C:\Windows\system32\RMActivate_isv.exe

2010-02-25 00:27:59 ----A---- C:\Windows\system32\secproc_ssp_isv.dll

2010-02-25 00:27:59 ----A---- C:\Windows\system32\secproc_ssp.dll

2010-02-25 00:27:59 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe

2010-02-25 00:27:59 ----A---- C:\Windows\system32\RMActivate_ssp.exe

2010-02-25 00:27:59 ----A---- C:\Windows\system32\RMActivate.exe

2010-02-25 00:27:59 ----A---- C:\Windows\system32\msdrm.dll

2010-02-25 00:27:52 ----A---- C:\Windows\system32\gameux.dll

2010-02-25 00:27:51 ----A---- C:\Windows\system32\Apphlpdm.dll

2010-02-25 00:27:50 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2010-02-24 19:17:56 ----D---- C:\Program Files\Windows Portable Devices

2010-02-24 01:47:41 ----A---- C:\Windows\system32\UIAnimation.dll

2010-02-24 01:47:40 ----A---- C:\Windows\system32\UIRibbonRes.dll

2010-02-24 01:47:40 ----A---- C:\Windows\system32\UIRibbon.dll

2010-02-24 01:47:02 ----A---- C:\Windows\system32\WMPhoto.dll

2010-02-24 01:47:01 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll

2010-02-24 01:47:01 ----A---- C:\Windows\system32\d3d10warp.dll

2010-02-24 01:47:01 ----A---- C:\Windows\system32\cdd.dll

2010-02-24 01:47:00 ----A---- C:\Windows\system32\xpsservices.dll

2010-02-24 01:47:00 ----A---- C:\Windows\system32\XpsRasterService.dll

2010-02-24 01:47:00 ----A---- C:\Windows\system32\XpsPrint.dll

2010-02-24 01:47:00 ----A---- C:\Windows\system32\XpsGdiConverter.dll

2010-02-24 01:47:00 ----A---- C:\Windows\system32\WindowsCodecsExt.dll

2010-02-24 01:47:00 ----A---- C:\Windows\system32\WindowsCodecs.dll

2010-02-24 01:47:00 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe

2010-02-24 01:47:00 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll

2010-02-24 01:47:00 ----A---- C:\Windows\system32\OpcServices.dll

2010-02-24 01:47:00 ----A---- C:\Windows\system32\dxdiagn.dll

2010-02-24 01:47:00 ----A---- C:\Windows\system32\dxdiag.exe

2010-02-24 01:47:00 ----A---- C:\Windows\system32\d2d1.dll

2010-02-24 01:46:59 ----A---- C:\Windows\system32\FntCache.dll

2010-02-24 01:46:59 ----A---- C:\Windows\system32\dxgi.dll

2010-02-24 01:46:59 ----A---- C:\Windows\system32\DWrite.dll

2010-02-24 01:46:59 ----A---- C:\Windows\system32\d3d11.dll

2010-02-24 01:46:59 ----A---- C:\Windows\system32\d3d10level9.dll

2010-02-24 01:46:59 ----A---- C:\Windows\system32\d3d10core.dll

2010-02-24 01:46:59 ----A---- C:\Windows\system32\d3d10_1core.dll

2010-02-24 01:46:59 ----A---- C:\Windows\system32\d3d10_1.dll

2010-02-24 01:46:59 ----A---- C:\Windows\system32\d3d10.dll

2010-02-24 01:46:31 ----A---- C:\Windows\system32\WPDShextAutoplay.exe

2010-02-24 01:46:31 ----A---- C:\Windows\system32\wpdbusenum.dll

2010-02-24 01:46:31 ----A---- C:\Windows\system32\BthMtpContextHandler.dll

2010-02-24 01:46:28 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\WPDSp.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\WPDShServiceObj.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\wpdshext.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\WpdMtpUS.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\WpdMtp.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\WpdConns.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\wpd_ci.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\PortableDeviceTypes.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll

2010-02-24 01:46:26 ----A---- C:\Windows\system32\PortableDeviceApi.dll

2010-02-24 01:45:16 ----A---- C:\Windows\system32\UIAutomationCore.dll

2010-02-24 01:45:16 ----A---- C:\Windows\system32\oleaccrc.dll

2010-02-24 01:45:16 ----A---- C:\Windows\system32\oleacc.dll

2010-02-22 21:35:33 ----D---- C:\Windows\system32\eu-ES

2010-02-22 21:35:33 ----D---- C:\Windows\system32\ca-ES

2010-02-22 21:35:31 ----D---- C:\Windows\system32\vi-VN

2010-02-15 16:25:50 ----D---- C:\Program Files\iPod

2010-02-15 16:21:46 ----D---- C:\Program Files\QuickTime

2010-02-15 01:08:57 ----A---- C:\Windows\movexe.exe

2010-02-10 18:19:51 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-02-10 18:19:51 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-02-10 18:19:42 ----A---- C:\Windows\system32\tsbyuv.dll

2010-02-10 18:19:42 ----A---- C:\Windows\system32\quartz.dll

2010-02-10 18:19:42 ----A---- C:\Windows\system32\msyuv.dll

2010-02-10 18:19:42 ----A---- C:\Windows\system32\msvidc32.dll

2010-02-10 18:19:42 ----A---- C:\Windows\system32\msrle32.dll

2010-02-10 18:19:41 ----A---- C:\Windows\system32\msvfw32.dll

2010-02-10 18:19:41 ----A---- C:\Windows\system32\mciavi32.dll

2010-02-10 18:19:41 ----A---- C:\Windows\system32\iyuv_32.dll

2010-02-10 18:19:41 ----A---- C:\Windows\system32\avifil32.dll

2010-02-01 14:51:31 ----D---- C:\Program Files\DVDVideoSoft
 

======List of files/folders modified in the last 1 months======
 

2010-02-27 13:46:57 ----D---- C:\Windows\Temp

2010-02-27 13:46:35 ----D---- C:\Users\Merle\AppData\Roaming\ICQ

2010-02-27 13:37:15 ----A---- C:\Windows\system32\acovcnt.exe

2010-02-27 13:01:03 ----D---- C:\Windows\system32\drivers

2010-02-27 13:00:59 ----RD---- C:\Program Files

2010-02-27 12:59:00 ----D---- C:\Windows\Minidump

2010-02-27 12:59:00 ----D---- C:\Windows\Debug

2010-02-27 12:59:00 ----D---- C:\Windows

2010-02-27 12:41:13 ----D---- C:\Windows\System32

2010-02-27 12:41:13 ----D---- C:\Windows\inf

2010-02-27 12:41:13 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-02-26 15:11:45 ----SHD---- C:\Windows\Installer

2010-02-26 00:02:50 ----SD---- C:\Windows\Downloaded Program Files

2010-02-25 22:24:42 ----HD---- C:\ProgramData

2010-02-25 22:09:09 ----D---- C:\Program Files\Mozilla Firefox

2010-02-25 20:32:25 ----SHD---- C:\System Volume Information

2010-02-25 20:09:53 ----D---- C:\Windows\Prefetch

2010-02-25 16:36:01 ----D---- C:\Windows\rescache

2010-02-25 16:18:38 ----D---- C:\Windows\system32\de-DE

2010-02-25 16:18:38 ----D---- C:\Windows\AppPatch

2010-02-25 16:18:37 ----RSD---- C:\Windows\Fonts

2010-02-25 13:52:17 ----D---- C:\Windows\winsxs

2010-02-25 13:50:52 ----D---- C:\Windows\system32\catroot

2010-02-25 00:27:18 ----D---- C:\Windows\system32\catroot2

2010-02-24 22:47:31 ----D---- C:\Users\Merle\AppData\Roaming\gtk-2.0

2010-02-24 19:20:19 ----D---- C:\Windows\system32\Tasks

2010-02-24 19:17:56 ----D---- C:\Windows\system32\wbem

2010-02-24 19:17:52 ----D---- C:\Windows\system32\zh-TW

2010-02-24 19:17:52 ----D---- C:\Windows\system32\zh-HK

2010-02-24 19:17:52 ----D---- C:\Windows\system32\zh-CN

2010-02-24 19:17:52 ----D---- C:\Windows\system32\uk-UA

2010-02-24 19:17:52 ----D---- C:\Windows\system32\tr-TR

2010-02-24 19:17:52 ----D---- C:\Windows\system32\th-TH

2010-02-24 19:17:52 ----D---- C:\Windows\system32\sv-SE

2010-02-24 19:17:52 ----D---- C:\Windows\system32\sr-Latn-CS

2010-02-24 19:17:52 ----D---- C:\Windows\system32\sl-SI

2010-02-24 19:17:52 ----D---- C:\Windows\system32\sk-SK

2010-02-24 19:17:52 ----D---- C:\Windows\system32\ru-RU

2010-02-24 19:17:52 ----D---- C:\Windows\system32\ro-RO

2010-02-24 19:17:52 ----D---- C:\Windows\system32\pt-PT

2010-02-24 19:17:52 ----D---- C:\Windows\system32\pt-BR

2010-02-24 19:17:52 ----D---- C:\Windows\system32\pl-PL

2010-02-24 19:17:52 ----D---- C:\Windows\system32\nl-NL

2010-02-24 19:17:52 ----D---- C:\Windows\system32\nb-NO

2010-02-24 19:17:52 ----D---- C:\Windows\system32\lv-LV

2010-02-24 19:17:52 ----D---- C:\Windows\system32\lt-LT

2010-02-24 19:17:52 ----D---- C:\Windows\system32\ko-KR

2010-02-24 19:17:52 ----D---- C:\Windows\system32\ja-JP

2010-02-24 19:17:52 ----D---- C:\Windows\system32\it-IT

2010-02-24 19:17:52 ----D---- C:\Windows\system32\hu-HU

2010-02-24 19:17:52 ----D---- C:\Windows\system32\hr-HR

2010-02-24 19:17:52 ----D---- C:\Windows\system32\he-IL

2010-02-24 19:17:52 ----D---- C:\Windows\system32\fr-FR

2010-02-24 19:17:52 ----D---- C:\Windows\system32\fi-FI

2010-02-24 19:17:52 ----D---- C:\Windows\system32\et-EE

2010-02-24 19:17:52 ----D---- C:\Windows\system32\es-ES

2010-02-24 19:17:52 ----D---- C:\Windows\system32\en-US

2010-02-24 19:17:52 ----D---- C:\Windows\system32\el-GR

2010-02-24 19:17:52 ----D---- C:\Windows\system32\da-DK

2010-02-24 19:17:52 ----D---- C:\Windows\system32\cs-CZ

2010-02-24 19:17:52 ----D---- C:\Windows\system32\bg-BG

2010-02-24 19:17:52 ----D---- C:\Windows\system32\ar-SA

2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe

2010-02-24 01:48:00 ----D---- C:\Windows\Microsoft.NET

2010-02-24 01:47:45 ----RSD---- C:\Windows\assembly

2010-02-22 21:44:55 ----SHD---- C:\Boot

2010-02-22 21:37:28 ----D---- C:\Program Files\Windows Calendar

2010-02-22 21:37:27 ----D---- C:\Program Files\Windows Mail

2010-02-22 21:37:27 ----D---- C:\Program Files\Movie Maker

2010-02-22 21:37:24 ----D---- C:\Program Files\Windows Sidebar

2010-02-22 21:37:24 ----D---- C:\Program Files\Windows Media Player

2010-02-22 21:37:24 ----D---- C:\Program Files\Internet Explorer

2010-02-22 21:37:23 ----D---- C:\Program Files\Windows Journal

2010-02-22 21:37:23 ----D---- C:\Program Files\Windows Collaboration

2010-02-22 21:37:20 ----D---- C:\Program Files\Windows Photo Gallery

2010-02-22 21:37:20 ----D---- C:\Program Files\Common Files\System

2010-02-22 21:37:14 ----D---- C:\Windows\servicing

2010-02-22 21:37:14 ----D---- C:\Program Files\Windows Defender

2010-02-22 21:37:13 ----D---- C:\Windows\ehome

2010-02-22 21:36:54 ----D---- C:\Windows\IME

2010-02-22 21:36:53 ----D---- C:\Windows\system32\XPSViewer

2010-02-22 21:36:46 ----D---- C:\Windows\system32\oobe

2010-02-22 21:36:45 ----D---- C:\Windows\system32\migration

2010-02-22 21:36:40 ----D---- C:\Windows\system32\SLUI

2010-02-22 21:36:40 ----D---- C:\Windows\system32\setup

2010-02-22 21:36:40 ----D---- C:\Windows\system32\AdvancedInstallers

2010-02-22 21:36:37 ----D---- C:\Windows\system32\manifeststore

2010-02-22 21:36:29 ----D---- C:\Windows\system32\migwiz

2010-02-22 21:35:31 ----D---- C:\Windows\system32\Boot

2010-02-22 21:33:42 ----D---- C:\Windows\system32\RTCOM

2010-02-15 16:25:47 ----D---- C:\Program Files\Common Files\Apple

2010-02-15 01:13:46 ----A---- C:\Windows\win.ini

2010-02-06 16:46:20 ----D---- C:\Users\***\AppData\Roaming\vlc

2010-02-04 22:00:09 ----D---- C:\Users\***\AppData\Roaming\Apple Computer

2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe

2010-02-01 14:51:53 ----D---- C:\Program Files\Common Files\DVDVideoSoft
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-06-25 96104]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-25 28520]

R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-12 56816]

R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-09 45568]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-12-06 761856]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-11-01 2011224]

R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]

R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]

R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-07-13 50688]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]

R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]

S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]

S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]

S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]

S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]

S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\Windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\Windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\Windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]

S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]

S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-25 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]

R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]

R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]

R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
 

-----------------EOF-----------------

Code:

info.txt logfile of random's system information tool 1.06 2010-02-27 13:47:09
 

======Uninstall list======
 

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\UninstFl.exe -q

Adobe Reader 8.1.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}

Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"

ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\SETUP.exe -runfromtemp -l0x0009 -removeonly

ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9 

ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x0009 -removeonly

Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe" -l0x9  -removeonly

ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\SETUP.exe -runfromtemp -l0x0009 -removeonly

ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly

ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly

Audacity 1.2.6-->"D:\Program Files\Audacity\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"

Creative Systeminformationen-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7  /remove

CyberLink LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe"  -uninstall

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"

Free WMA to MP3 Converter 1.16-->"C:\Program Files\Free WMA to MP3 Converter\unins000.exe"

Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"

GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

Google Earth Plug-in-->MsiExec.exe /X{DA80700F-068D-11DF-9686-005056806466}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly

Icy Tower v1.4-->"d:\games\icytower1.4\unins000.exe"

Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall

iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}

Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

kaltkaltkalt  Screen Saver-->C:\Windows\kaltkaltkalt.scr /u

Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"

licht am ende des sargs  Screen Saver-->C:\Windows\licht am ende des sargs.scr /u

LightScribe System Software  1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller

Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mp3tag v2.43-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MySpace Toolbar-->C:\Program Files\MySpace\Toolbar\1.0.70.0\Uninstall.exe

NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9 

OpenOffice.org 3.1-->MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585}

Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe"  -uninstall

Power4Gear eXtreme-->C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\setup.exe -runfromtemp -l0x0009 -removeonly

QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}

Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\SETUP.exe -runfromtemp -l0x0009 -removeonly

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Revo Uninstaller 1.85-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything

Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

Softonic_Deutsch_FF Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE   /U C:\PROGRA~1\SOFTON~1\INSTALL.LOG  

Sony Ericsson PC Suite 6.007.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

UnderCoverXP 1.22-->"D:\Program Files\UnderCoverXP\unins000.exe"

Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}

VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Winamp-->"D:\Program Files\Winamp\UninstWA.exe"

Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}

Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}

Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}

Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9 

Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly
 

=====HijackThis Backups=====
 

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe" [2010-02-27]

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing) [2010-02-27]

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2010-02-27]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search [2010-02-27]

O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe [2010-02-27]

R3 - URLSearchHook: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll [2010-02-27]

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) [2010-02-27]

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2010-02-27]

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) [2010-02-27]

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2010-02-27]
 

======Security center information======
 

AS: Windows Defender
 

======System event log======
 

Computer Name: xxx

Event Code: 7036

Message: Dienst "Volumeschattenkopie" befindet sich jetzt im Status "Beendet".

Record Number: 131041

Source Name: Service Control Manager

Time Written: 20091113182142.000000-000

Event Type: Informationen

User: 
 

Computer Name: xxx

Event Code: 3005

Message: Zum Schutz dieses Computers vor Spyware und möglicherweise unerwünschter Software wurden vom Windows-Defender-Echtzeitschutz-Agent Maßnahmen ergriffen.

 Weitere Informationen finden Sie hier:

Nicht zutreffend

         Scan-ID: {805C1F0C-58B1-4CD8-9EE2-19506F9F019F}

          Benutzer: xxx

         Name: Unknown

         ID: 

         Schweregrad-ID: 

         Kategorie-ID: 

         Warnungsart: Nicht klassifizierte Software

         Aktion: Ignorieren

Record Number: 131040

Source Name: Microsoft-Windows-Windows Defender

Time Written: 20091113182051.000000-000

Event Type: Informationen

User: 
 

Computer Name: xxx

Event Code: 3004

Message: Vom Windows-Defender-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. Windows-Defender kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.

 Weitere Informationen finden Sie im Folgenden:

Nicht zutreffend

         Scan-ID: {805C1F0C-58B1-4CD8-9EE2-19506F9F019F}

          Benutzer: xxx

         Name: Unknown

         ID: 

         Schweregrad-ID: 

         Kategorie-ID: 

         Gefundener Pfad: regkey:HKCU@S-1-5-21-3028459587-2817758538-2247457905-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Sony Ericsson PC Suite;runkey:HKCU@S-1-5-21-3028459587-2817758538-2247457905-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Sony Ericsson PC Suite;file:C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

         Warnungsart: Nicht klassifizierte Software

         Feststellungstyp:  

Record Number: 131039

Source Name: Microsoft-Windows-Windows Defender

Time Written: 20091113182046.000000-000

Event Type: Warnung

User: 
 

Computer Name: xxx

Event Code: 20001

Message: Der Prozess zum Installieren von Treiber FileRepository\seehcri.inf_a8cd7fcd\seehcri.inf für Geräteinstanz-ID USB\ROOT_HUB20\4&D291B8C&0 wurde mit folgendem Status beendet: 0.

Record Number: 131038

Source Name: Microsoft-Windows-User-PnP

Time Written: 20091113182030.998289-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: xxx

Event Code: 20003

Message: Der Prozess zum Hinzufügen von Dienst usbhub für Geräteinstanz-ID USB\ROOT_HUB20\4&D291B8C&0 wurde mit folgendem Status beendet: 0.

Record Number: 131037

Source Name: Microsoft-Windows-User-PnP

Time Written: 20091113182029.649889-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

=====Application event log=====
 

Computer Name: WIN-Z060AQ5IT4M

Event Code: 36

Message: 

Record Number: 631

Source Name: ccSvcHst

Time Written: 20081120210602.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: WIN-Z060AQ5IT4M

Event Code: 36

Message: 

Record Number: 630

Source Name: ccSvcHst

Time Written: 20081120210602.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: WIN-Z060AQ5IT4M

Event Code: 36

Message: 

Record Number: 629

Source Name: ccSvcHst

Time Written: 20081120210602.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: WIN-Z060AQ5IT4M

Event Code: 36

Message: 

Record Number: 628

Source Name: ccSvcHst

Time Written: 20081120210602.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: WIN-Z060AQ5IT4M

Event Code: 1013

Message: Der Windows-Suchdienst wurde normal beendet.
 

Record Number: 627

Source Name: Microsoft-Windows-Search

Time Written: 20081120210600.000000-000

Event Type: Informationen

User: 
 

=====Security event log=====
 

Computer Name: xxx

Event Code: 4648

Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                xxx

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Konto, dessen Anmeldeinformationen verwendet wurden:

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Zielserver:

        Zielservername:        localhost

        Weitere Informationen:        localhost
 

Prozessinformationen:

        Prozess-ID:                0x284

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Netzwerkadresse:        -

        Port:                        -
 

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.

Record Number: 13181

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090302201605.237063-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: xxx

Event Code: 5056

Message: Ein Kryptografieselbsttest wurde ausgeführt.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                xxx

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7
 

Modul:                ncrypt.dll
 

Rückgabecode:        0x0

Record Number: 13180

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090302201604.769063-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: xxx

Event Code: 4672

Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7
 

Berechtigungen:                SeAssignPrimaryTokenPrivilege

                        SeTcbPrivilege

                        SeSecurityPrivilege

                        SeTakeOwnershipPrivilege

                        SeLoadDriverPrivilege

                        SeBackupPrivilege

                        SeRestorePrivilege

                        SeDebugPrivilege

                        SeAuditPrivilege

                        SeSystemEnvironmentPrivilege

                        SeImpersonatePrivilege

Record Number: 13179

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090302201603.833063-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: xxx

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                xxx

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7
 

Anmeldetyp:                        5
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x284

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Arbeitsstationsname:        

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                Advapi  

        Authentifizierungspaket:        Negotiate

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 13178

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090302201603.833063-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: xxx

Event Code: 4648

Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                xxx

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Konto, dessen Anmeldeinformationen verwendet wurden:

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Zielserver:

        Zielservername:        localhost

        Weitere Informationen:        localhost
 

Prozessinformationen:

        Prozess-ID:                0x284

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Netzwerkadresse:        -

        Port:                        -
 

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.

Record Number: 13177

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090302201603.833063-000

Event Type: Überwachung erfolgreich

User: 
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"configsetroot"=%SystemRoot%\ConfigSetRoot

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
 

-----------------EOF-----------------

Ich bedanke mich schon einmal für jegliche Hilfe!

also die dateien kommen mir schleierhaft vor

C:\Windows\system32\Dwm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe

die dateien mal bitte auf virustotal uppen und dann logfile posten

Dankeschön schonmal für die rasche Antwort ich habe die Datein überprüfen lassen,vielleicht hilfts ja weiter.

Code:

Datei dwm.exe empfangen 2010.02.27 13:53:55 (UTC)

Antivirus        Version        letzte aktualisierung        Ergebnis

a-squared        4.5.0.50        2010.02.27        -

AhnLab-V3        5.0.0.2        2010.02.27        -

AntiVir        8.2.1.176        2010.02.26        -

Antiy-AVL        2.0.3.7        2010.02.26        -

Authentium        5.2.0.5        2010.02.27        -

Avast        4.8.1351.0        2010.02.27        -

Avast5        5.0.332.0        2010.02.27        -

AVG        9.0.0.730        2010.02.26        -

BitDefender        7.2        2010.02.27        -

CAT-QuickHeal        10.00        2010.02.27        -

ClamAV        0.96.0.0-git        2010.02.27        -

Comodo        4084        2010.02.27        -

DrWeb        5.0.1.12222        2010.02.27        -

eSafe        7.0.17.0        2010.02.25        -

eTrust-Vet        35.2.7331        2010.02.26        -

F-Prot        4.5.1.85        2010.02.27        -

F-Secure        9.0.15370.0        2010.02.27        -

Fortinet        4.0.14.0        2010.02.27        -

GData        19        2010.02.27        -

Ikarus        T3.1.1.80.0        2010.02.27        -

Jiangmin        13.0.900        2010.02.27        -

K7AntiVirus        7.10.984        2010.02.26        -

Kaspersky        7.0.0.125        2010.02.27        -

McAfee        5904        2010.02.26        -

McAfee+Artemis        5904        2010.02.26        -

McAfee-GW-Edition        6.8.5        2010.02.27        -

Microsoft        1.5502        2010.02.27        -

NOD32        4899        2010.02.26        -

Norman        6.04.08        2010.02.27        -

nProtect        2009.1.8.0        2010.02.27        -

Panda        10.0.2.2        2010.02.27        -

PCTools        7.0.3.5        2010.02.27        -

Rising        22.36.05.04        2010.02.27        -

Sophos        4.50.0        2010.02.27        -

Sunbelt        5702        2010.02.27        -

Symantec        20091.2.0.41        2010.02.27        -

TheHacker        6.5.1.6.213        2010.02.27        -

TrendMicro        9.120.0.1004        2010.02.27        -

VBA32        3.12.12.2        2010.02.26        -

ViRobot        2010.2.27.2206        2010.02.27        -

VirusBuster        5.0.27.0        2010.02.26        -

weitere Informationen

File size: 81920 bytes

MD5...: 01dd1004181fd46ecdc3628228eb269d

SHA1..: 7f99cd6716c9564c266e1086c62709fc7070111a

SHA256: 8aed6773ae1c8b65b4cad6229bd05e224d348cf2a9d9f7d50f2513a9b1e14f66

ssdeep: 1536:VJIp05PZYuOA9hsuO7gKRSgZp6dr8C+zjG4y4bH49:qiPuIhqzU4jjyW<br>

PEiD..: -

PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x538d<br>timedatestamp.....: 0x49e01b94 (Sat Apr 11 04:24:52 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x112dc 0x11400 6.46 9901d0f7d0c24273ec2bc71fc4ccb980<br>.data 0x13000 0x27a8 0x1000 0.71 71aa38e36a119573d1c1ad27284d635a<br>.rsrc 0x16000 0x938 0xa00 4.33 374930790fb61912ba9e8b9c66c4c156<br>.reloc 0x17000 0xd10 0xe00 6.53 545051dd4118fad1030d83a97fd7f8f2<br><br>( 11 imports ) <br>&gt; ADVAPI32.dll: RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, UnregisterTraceGuids, TraceEvent, DeregisterEventSource, RegisterEventSourceW, ReportEventW, RegGetValueW, RegCreateKeyExW, RegSetValueExW<br>&gt; KERNEL32.dll: RtlCaptureStackBackTrace, IsDebuggerPresent, DebugBreak, HeapFree, HeapAlloc, HeapReAlloc, GetProcessHeap, TerminateProcess, TerminateThread, GetCurrentThread, GetModuleHandleW, LoadLibraryA, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetModuleHandleA, GetStartupInfoA, InterlockedCompareExchange, FreeLibrary, Sleep, GetUserDefaultLangID, FormatMessageW, GetExitCodeThread, WaitForSingleObject, RegisterWaitForSingleObject, GetThreadId, ProcessIdToSessionId, GetCurrentProcessId, GetCurrentProcess, SetProcessWorkingSetSize, GetSystemInfo, GetTickCount, GetProcAddress, LoadLibraryW, SetErrorMode, QueryFullProcessImageNameW, ExitProcess, GetCurrentThreadId, SetProcessShutdownParameters, SetUnhandledExceptionFilter, HeapSetInformation, WerSetFlags, SetLastError, GetLastError, GetTickCount64, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, ResumeThread, DuplicateHandle, InterlockedDecrement, InterlockedIncrement, LocalReAlloc, LocalAlloc, LocalFree, lstrcmpiW, WaitForMultipleObjectsEx, IsWow64Process, SetThreadPriority, CreateThread, OpenProcess, ReleaseMutex, CreateMutexW, SetEvent, OpenEventW, CreateEventW, SignalObjectAndWait, CloseHandle, UnhandledExceptionFilter, DelayLoadFailureHook, EnterCriticalSection, InterlockedExchange<br>&gt; GDI32.dll: CreateCompatibleBitmap, DeleteObject, GetDIBits, CreateDIBSection, GetRandomRgn, GetStockObject, CreateRectRgn, GdiAlphaBlend, OffsetRgn, CombineRgn, CreateCompatibleDC, SelectClipRgn, SelectObject, GetRgnBox, DeleteDC, BitBlt, GetDeviceCaps<br>&gt; USER32.dll: RegisterSessionPort, DwmStopRedirection, GetDC, ReleaseDC, EnumDisplayDevicesW, DwmStartRedirection, UnregisterSessionPort, CheckDesktopByThreadId, EnumDisplaySettingsW, GetSystemMetrics, RegisterErrorReportingDialog, RegisterGhostWindow, HungWindowFromGhostWindow, InternalGetWindowIcon, GhostWindowFromHungWindow, RegisterFrostWindow, OpenThreadDesktop, SetForegroundWindow, IsHungAppWindow, MessageBeep, IsWindowEnabled, EnumWindows, FlashWindowEx, SystemParametersInfoW, IsWindow, GetCaretBlinkTime, EndTask, OpenDesktopW, IsDialogMessageW, GetAncestor, SetThreadDesktop, EndPaint, ClientToScreen, InternalGetWindowText, GetUpdateRgn, SetTimer, IsIconic, FillRect, KillTimer, IsZoomed, GetTitleBarInfo, GetWindowInfo, LogicalToPhysicalPoint, GetClientRect, BeginPaint, InvalidateRect, GetWindowLongW, GetWindowTextW, GetDCEx, SetWindowLongW, ShowWindow, GetSysColorBrush, GetGuiResources, SetWindowPos, LoadStringW, LoadIconW, RegisterWindowMessageW, DispatchMessageW, TranslateMessage, PeekMessageW, RegisterPowerSettingNotification, PostQuitMessage, DestroyWindow, UnregisterPowerSettingNotification, DefWindowProcW, CreateWindowExW, RegisterClassExW, SetProcessDPIAware, PostMessageW, MsgWaitForMultipleObjectsEx, GetThreadDesktop, GetUserObjectInformationW, CloseDesktop, ChangeWindowMessageFilter, GetWindow, GetMonitorInfoW, GetPropW, AdjustWindowRectEx, MonitorFromWindow, GetClassNameW, SetClassLongW, OffsetRect, GetWindowRect, GetWindowThreadProcessId, DestroyIcon, SetWindowTextW, UpdateWindow, SendMessageW, IsWindowVisible, PostThreadMessageW, CreateDialogParamW<br>&gt; msvcrt.dll: _except_handler4_common, _onexit, _lock, __dllonexit, _unlock, memset, rand, srand, _controlfp, _terminate@@YAXXZ, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _purecall, _vsnwprintf, _wcsicmp, memmove, wcsrchr, __getmainargs, _cexit, _exit, _XcptFilter, _ismbblead, exit, _acmdln, _initterm, memcpy<br>&gt; ntdll.dll: RtlEnumerateGenericTableWithoutSplaying, RtlDeleteElementGenericTable, RtlInitializeGenericTable, DbgPrompt, DbgBreakPoint, NtQuerySystemInformation, NtAcceptConnectPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtRequestPort, NtConnectPort, NtRequestWaitReplyPort, WinSqmIsOptedIn, RtlUpcaseUnicodeChar, NtClose, RtlFreeSid, NtAlpcSendWaitReceivePort, NtAlpcConnectPort, RtlAllocateAndInitializeSid, WinSqmEventWrite, WinSqmEventEnabled, NtQueryInformationProcess, DbgPrintEx, WinSqmAddToStream, NtReplyPort, NtCreateWaitablePort, RtlInitUnicodeString, RtlInsertElementGenericTable, RtlNumberGenericTableElements, RtlIsGenericTableEmpty, RtlLookupElementGenericTable<br>&gt; ole32.dll: CoCreateInstance, CoUninitialize, CoInitialize<br>&gt; OLEAUT32.dll: -, -<br>&gt; UxTheme.dll: CloseThemeData, OpenThemeData<br>&gt; IMM32.dll: ImmDisableIME<br>&gt; dwmredir.dll: DwmRedirectionManagerDispatchMessage, DwmRedirectionManagerShutdown, DwmRedirectionManagerInitialize, DwmShutdownTransport, DwmRedirectionManagerPlayingVideo, DwmRedirectionManagerFailMessage, DwmVersionCheck, DwmRedirectionManagerLockMemoryAllocations, DwmRedirectionManagerWaitForMultipleObjects, DwmInitializeTransport, DwmRedirectionManagerEnableMMCSS<br><br>( 0 exports ) <br>

RDS...: NSRL Reference Data Set<br>-

pdfid.: -

trid..: Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) Microsoft Corporation. All rights reserved.<br>product......: Microsoft_ Windows_ Operating System<br>description..: Desktop Window Manager<br>original name: dwm.exe<br>internal name: dwm.exe<br>file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Code:

Datei hkcmd.exe empfangen 2010.02.27 14:01:44 (UTC)

Antivirus        Version        letzte aktualisierung        Ergebnis

a-squared        4.5.0.50        2010.02.27        -

AhnLab-V3        5.0.0.2        2010.02.27        -

AntiVir        8.2.1.176        2010.02.26        -

Antiy-AVL        2.0.3.7        2010.02.26        -

Authentium        5.2.0.5        2010.02.27        -

Avast        4.8.1351.0        2010.02.27        -

Avast5        5.0.332.0        2010.02.27        -

AVG        9.0.0.730        2010.02.26        -

BitDefender        7.2        2010.02.27        -

CAT-QuickHeal        10.00        2010.02.27        -

ClamAV        0.96.0.0-git        2010.02.27        -

Comodo        4084        2010.02.27        -

DrWeb        5.0.1.12222        2010.02.27        -

eSafe        7.0.17.0        2010.02.25        -

eTrust-Vet        35.2.7331        2010.02.26        -

F-Prot        4.5.1.85        2010.02.27        -

F-Secure        9.0.15370.0        2010.02.27        -

Fortinet        4.0.14.0        2010.02.27        -

GData        19        2010.02.27        -

Ikarus        T3.1.1.80.0        2010.02.27        -

Jiangmin        13.0.900        2010.02.27        -

K7AntiVirus        7.10.984        2010.02.26        -

Kaspersky        7.0.0.125        2010.02.27        -

McAfee        5904        2010.02.26        -

McAfee+Artemis        5904        2010.02.26        -

McAfee-GW-Edition        6.8.5        2010.02.27        -

Microsoft        1.5502        2010.02.27        -

NOD32        4899        2010.02.26        -

Norman        6.04.08        2010.02.27        -

nProtect        2009.1.8.0        2010.02.27        -

Panda        10.0.2.2        2010.02.27        -

PCTools        7.0.3.5        2010.02.27        -

Prevx        3.0        2010.02.27        -

Rising        22.36.05.04        2010.02.27        -

Sophos        4.50.0        2010.02.27        -

Sunbelt        5702        2010.02.27        -

Symantec        20091.2.0.41        2010.02.27        -

TheHacker        6.5.1.6.213        2010.02.27        -

TrendMicro        9.120.0.1004        2010.02.27        -

VBA32        3.12.12.2        2010.02.26        -

ViRobot        2010.2.27.2206        2010.02.27        -

VirusBuster        5.0.27.0        2010.02.26        -

weitere Informationen

File size: 173592 bytes

MD5...: 63ffa18e782debbe8cc62195ad3783ca

SHA1..: 6619f2f10514da62e1d76f6b097d899b53cde406

SHA256: 11012e63516cef79519da83123d2200ad1ead7f2d80d6ec17eb0a63f638f96aa

ssdeep: 3072:f4raStqwdbdsTCRqIrjd487gL2J8KZ12ycIkTrID5IXJJ:PSDt/dHEh/ImI<br>iX7<br>

PEiD..: -

PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x10cc0<br>timedatestamp.....: 0x49a6e7d3 (Thu Feb 26 19:04:51 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1d7e0 0x1d800 6.64 572e8259d7df1c32fa72c5af62180a71<br>.rdata 0x1f000 0x5444 0x5600 5.30 995c03ca4784db1a1366437ad7416ee8<br>.data 0x25000 0x6864 0x4c00 3.44 0d7b5e4bf73db7e11b9cdfd7cf966dc9<br>.rsrc 0x2c000 0xc8c 0xe00 4.44 2de30254063bd995e6355fc7747442c7<br><br>( 7 imports ) <br>&gt; hccutils.DLL: FindResources, LoadSTRINGFromHKCU, LoadSTRING<br>&gt; KERNEL32.dll: GetModuleHandleA, CreateProcessA, FreeLibrary, LoadLibraryA, CloseHandle, GetLastError, InterlockedDecrement, SearchPathA, CompareFileTime, MultiByteToWideChar, WideCharToMultiByte, lstrlenW, RaiseException, InitializeCriticalSection, DeleteCriticalSection, lstrlenA, lstrcmpiA, InterlockedIncrement, GetModuleFileNameA, GetModuleHandleW, IsDBCSLeadByte, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, GetWindowsDirectoryA, Sleep, CreateMutexA, GetCurrentThreadId, GetCommandLineA, EnterCriticalSection, LeaveCriticalSection, FlushInstructionCache, GetCurrentProcess, GetSystemDefaultLangID, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoA, GetProcAddress, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, SetFilePointer, InitializeCriticalSectionAndSpinCount, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetStringTypeW, GetStringTypeA, LCMapStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, HeapSize, GetStdHandle, WriteFile, HeapCreate, HeapReAlloc, ExitProcess, LCMapStringW, GetConsoleOutputCP, WriteConsoleW, CreateFileA, FlushFileBuffers, VirtualAlloc, TerminateProcess, UnhandledExceptionFilter, VirtualFree, SetUnhandledExceptionFilter, IsDebuggerPresent, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStartupInfoA, VirtualQuery, GetSystemInfo, VirtualProtect, IsProcessorFeaturePresent, HeapAlloc, GetProcessHeap, HeapFree, InterlockedCompareExchange, RtlUnwind<br>&gt; USER32.dll: CharNextW, PostThreadMessageA, UnregisterClassA, wsprintfA, CharNextA, GetWindowLongA, GetCursorPos, EnumDisplayDevicesA, EnumDisplaySettingsA, CreateDialogParamA, CallWindowProcA, RegisterClassExA, UnregisterHotKey, RegisterHotKey, ActivateKeyboardLayout, MapVirtualKeyExA, GetKeyNameTextA, GetKeyboardLayout, GetKeyboardLayoutList, LoadCursorA, GetClassInfoExA, SetWindowLongA, RegisterClassA, CreateWindowExA, GetMessageA, DispatchMessageA, SetTimer, IsWindow, SendMessageA, ShowWindow, PostQuitMessage, PeekMessageA, DefWindowProcA, KillTimer, DestroyWindow, GetDlgItem, GetDesktopWindow, GetWindowRect, SetWindowTextA, MessageBoxA<br>&gt; ADVAPI32.dll: RegEnumKeyExA, RegQueryInfoKeyA, RegDeleteValueA, RegDeleteKeyA, RegSetValueExA, RegCreateKeyExA, RegOpenKeyA, RegQueryValueExA, RegOpenKeyExA, RegCloseKey<br>&gt; SHELL32.dll: ShellExecuteExA<br>&gt; ole32.dll: CoRevokeClassObject, CoCreateInstance, CoTaskMemRealloc, CoSuspendClassObjects, CoTaskMemAlloc, CoRegisterClassObject, CoTaskMemFree, StringFromGUID2, CoUninitialize, CoInitialize<br>&gt; OLEAUT32.dll: -, -, -, -, -, -, -, -<br><br>( 0 exports ) <br>

RDS...: NSRL Reference Data Set<br>-

pdfid.: -

trid..: Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:<br>publisher....: Intel Corporation<br>copyright....: Copyright 1999-2006, Intel Corporation<br>product......: Intel(R) Common User Interface<br>description..: hkcmd Module<br>original name: HKCMD.EXE<br>internal name: HKCMD<br>file version.: 7.14.10.1666<br>comments.....: <br>signers......: Intel Corporation<br> VeriSign Class 3 Code Signing 2004 CA<br> Class 3 Public Primary Certification Authority<br>signing date.: 8:57 PM 2/26/2009<br>verified.....: -<br>

Code:

Datei igfxpers.exe empfangen 2010.02.27 14:04:07 (UTC)

Antivirus        Version        letzte aktualisierung        Ergebnis

a-squared        4.5.0.50        2010.02.27        -

AhnLab-V3        5.0.0.2        2010.02.27        -

AntiVir        8.2.1.176        2010.02.26        -

Antiy-AVL        2.0.3.7        2010.02.26        -

Authentium        5.2.0.5        2010.02.27        -

Avast        4.8.1351.0        2010.02.27        -

Avast5        5.0.332.0        2010.02.24        -

AVG        9.0.0.730        2010.02.26        -

BitDefender        7.2        2010.02.27        -

CAT-QuickHeal        10.00        2010.02.27        -

ClamAV        0.96.0.0-git        2010.02.27        -

Comodo        4084        2010.02.27        -

DrWeb        5.0.1.12222        2010.02.27        -

eSafe        7.0.17.0        2010.02.25        -

eTrust-Vet        35.2.7331        2010.02.26        -

F-Prot        4.5.1.85        2010.02.27        -

F-Secure        9.0.15370.0        2010.02.27        -

Fortinet        4.0.14.0        2010.02.27        -

GData        19        2010.02.27        -

Ikarus        T3.1.1.80.0        2010.02.27        -

Jiangmin        13.0.900        2010.02.27        -

K7AntiVirus        7.10.984        2010.02.26        -

Kaspersky        7.0.0.125        2010.02.27        -

McAfee        5904        2010.02.26        -

McAfee+Artemis        5904        2010.02.26        -

McAfee-GW-Edition        6.8.5        2010.02.27        -

Microsoft        1.5502        2010.02.27        -

NOD32        4899        2010.02.26        -

Norman        6.04.08        2010.02.27        -

nProtect        2009.1.8.0        2010.02.27        -

Panda        10.0.2.2        2010.02.27        -

PCTools        7.0.3.5        2010.02.27        -

Prevx        3.0        2010.02.27        -

Rising        22.36.05.04        2010.02.27        -

Sophos        4.50.0        2010.02.27        -

Sunbelt        5702        2010.02.27        -

Symantec        20091.2.0.41        2010.02.27        -

TheHacker        6.5.1.6.213        2010.02.27        -

TrendMicro        9.120.0.1004        2010.02.27        -

VBA32        3.12.12.2        2010.02.26        -

ViRobot        2010.2.27.2206        2010.02.27        -

VirusBuster        5.0.27.0        2010.02.26        -

weitere Informationen

File size: 150552 bytes

MD5...: bbf84f08a343374bed5687aa6c5797b8

SHA1..: 77c883005b2ce4068502a6b0c436d54ad1a65291

SHA256: 73bd74f1d3397913f299797f5c69f1503901e4d046643990e753e0c238b665a6

ssdeep: 3072:wRXyzuEA05frcqnHJb/aDX31/6UdqEr75bMA:EX8uArdHJb/aL1SU4QJv<br>

PEiD..: -

PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x104dc<br>timedatestamp.....: 0x49a6e7bc (Thu Feb 26 19:04:28 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1b760 0x1b800 6.62 0437dc48c818ccda2c529a15adff06a1<br>.rdata 0x1d000 0x4e42 0x5000 5.33 386e32bb3c986b2909a2fcab3e7880f5<br>.data 0x22000 0x3538 0x1800 3.55 a4917aed43d5ea19e08bfa7a0c1ced40<br>.rsrc 0x26000 0xcf4 0xe00 4.40 c50e787ad0822c2f6bcaccc18674d702<br><br>( 7 imports ) <br>&gt; POWRPROF.dll: GetCurrentPowerPolicies<br>&gt; KERNEL32.dll: GetLastError, GetProcAddress, GetModuleHandleA, lstrlenA, lstrcmpiA, CloseHandle, GetLocaleInfoA, GetUserDefaultUILanguage, TerminateProcess, GetExitCodeProcess, OpenProcess, Process32Next, Process32First, CreateToolhelp32Snapshot, CreateProcessA, InterlockedIncrement, GetModuleFileNameA, GetModuleHandleW, IsDBCSLeadByte, FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, DeleteCriticalSection, LoadLibraryA, CreateMutexA, GetCurrentThreadId, GetCommandLineA, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, SetFilePointer, InitializeCriticalSection, RaiseException, lstrlenW, WideCharToMultiByte, GetCurrentProcessId, MultiByteToWideChar, CompareFileTime, InterlockedDecrement, GetSystemPowerStatus, GetTickCount, Sleep, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetEnvironmentStrings, InitializeCriticalSectionAndSpinCount, GetSystemTimeAsFileTime, FreeEnvironmentStringsA, HeapSize, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStdHandle, WriteFile, EnterCriticalSection, LeaveCriticalSection, HeapFree, GetProcessHeap, RtlUnwind, HeapAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetStartupInfoA, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, VirtualFree, HeapReAlloc, HeapCreate, ExitProcess<br>&gt; USER32.dll: PostThreadMessageA, ChangeDisplaySettingsExA, ChangeDisplaySettingsA, CharNextA, SetTimer, PostMessageA, RegisterWindowMessageA, CharNextW, KillTimer, PostQuitMessage, RegisterClassA, CreateWindowExA, GetMessageA, DispatchMessageA, FindWindowA, RegisterDeviceNotificationA, DefWindowProcA, EnumDisplayDevicesA, SendNotifyMessageA, EnumDisplaySettingsA<br>&gt; ADVAPI32.dll: RegEnumKeyExA, RegOpenKeyA, RegQueryInfoKeyA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA, RegDeleteKeyA, RegSetValueExA, RegCloseKey, RegCreateKeyExA<br>&gt; SHELL32.dll: ShellExecuteExA<br>&gt; ole32.dll: CoCreateInstance, CoTaskMemAlloc, CoTaskMemRealloc, CoRevokeClassObject, CoRegisterClassObject, CoTaskMemFree, CoUninitialize, CoInitialize, StringFromGUID2, CoSuspendClassObjects<br>&gt; OLEAUT32.dll: -, -, -, -, -, -, -, -<br><br>( 0 exports ) <br>

RDS...: NSRL Reference Data Set<br>-

trid..: Win64 Executable Generic (59.6%)<br>Win32 Executable MS Visual C++ (generic) (26.2%)<br>Win32 Executable Generic (5.9%)<br>Win32 Dynamic Link Library (generic) (5.2%)<br>Generic Win/DOS Executable (1.3%)

pdfid.: -

sigcheck:<br>publisher....: Intel Corporation<br>copyright....: Copyright 1999-2006, Intel Corporation<br>product......: Intel(R) Common User Interface<br>description..: persistence Module<br>original name: IGFXPERS.EXE<br>internal name: PERSISTENCE<br>file version.: 7.14.10.1666<br>comments.....: <br>signers......: Intel Corporation<br> VeriSign Class 3 Code Signing 2004 CA<br> Class 3 Public Primary Certification Authority<br>signing date.: 8:57 PM 2/26/2009<br>verified.....: -<br>

Code:

Datei igfxsrvc.exe empfangen 2010.02.27 14:05:55 (UTC)

Antivirus        Version        letzte aktualisierung        Ergebnis

a-squared        4.5.0.50        2010.02.27        -

AhnLab-V3        5.0.0.2        2010.02.27        -

AntiVir        8.2.1.176        2010.02.26        -

Antiy-AVL        2.0.3.7        2010.02.26        -

Authentium        5.2.0.5        2010.02.27        -

Avast        4.8.1351.0        2010.02.27        -

Avast5        5.0.332.0        2010.02.27        -

AVG        9.0.0.730        2010.02.26        -

BitDefender        7.2        2010.02.27        -

CAT-QuickHeal        10.00        2010.02.27        -

ClamAV        0.96.0.0-git        2010.02.27        -

Comodo        4084        2010.02.27        -

DrWeb        5.0.1.12222        2010.02.27        -

eSafe        7.0.17.0        2010.02.25        -

eTrust-Vet        35.2.7331        2010.02.26        -

F-Prot        4.5.1.85        2010.02.27        -

F-Secure        9.0.15370.0        2010.02.27        -

Fortinet        4.0.14.0        2010.02.27        -

GData        19        2010.02.27        -

Ikarus        T3.1.1.80.0        2010.02.27        -

Jiangmin        13.0.900        2010.02.27        -

K7AntiVirus        7.10.984        2010.02.26        -

Kaspersky        7.0.0.125        2010.02.27        -

McAfee        5904        2010.02.26        -

McAfee+Artemis        5904        2010.02.26        -

McAfee-GW-Edition        6.8.5        2010.02.27        -

Microsoft        1.5502        2010.02.27        -

NOD32        4899        2010.02.26        -

Norman        6.04.08        2010.02.27        -

nProtect        2009.1.8.0        2010.02.27        -

Panda        10.0.2.2        2010.02.27        -

PCTools        7.0.3.5        2010.02.27        -

Prevx        3.0        2010.02.27        -

Rising        22.36.05.04        2010.02.27        -

Sophos        4.50.0        2010.02.27        -

Sunbelt        5702        2010.02.27        -

Symantec        20091.2.0.41        2010.02.27        -

TheHacker        6.5.1.6.213        2010.02.27        -

TrendMicro        9.120.0.1004        2010.02.27        -

VBA32        3.12.12.2        2010.02.26        -

ViRobot        2010.2.27.2206        2010.02.27        -

VirusBuster        5.0.27.0        2010.02.26        -

weitere Informationen

File size: 252952 bytes

MD5...: c5c241a18788eed88e6c276d04b7d6ab

SHA1..: 4c591c4f04ca0967754f1c4d885e23e4d289ff2e

SHA256: 80a142883fdffcfbd6a0313e4e23c816d6efacfdd06223a7902df67cdb1aa2dc

ssdeep: 3072:NOxyVSVsvkGe6PJopLLt1eizV8vgNE65hV+dy1qAg0FumZVO5GfdLrPp:Ky<br>VSVsXPahLtISY0h081qAOehfdLl<br>

PEiD..: -

PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x14374<br>timedatestamp.....: 0x49a6e7b0 (Thu Feb 26 19:04:16 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x24880 0x24a00 6.65 533e3edd096066e527aed97b0906c1f3<br>.rdata 0x26000 0xb4a8 0xb600 5.69 1c5b8c513d2a860343213e26542889d3<br>.data 0x32000 0x46a4 0x2a00 4.44 f588750504b9dfcababf627e63844c75<br>.rsrc 0x37000 0x9264 0x9400 5.35 29b491fba218de003a2ec815030ec8bd<br><br>( 5 imports ) <br>&gt; KERNEL32.dll: lstrlenA, lstrcmpiA, SetEvent, CloseHandle, CreateThread, CreateEventA, InterlockedIncrement, GetModuleFileNameA, GetProcAddress, GetModuleHandleW, IsDBCSLeadByte, FreeLibrary, SizeofResource, GetLastError, FindResourceA, LoadLibraryExA, GetModuleHandleA, Sleep, GetCurrentThreadId, GetCommandLineA, FlushFileBuffers, CreateFileA, ReadFile, WriteConsoleW, DeleteCriticalSection, InitializeCriticalSection, RaiseException, lstrlenW, WideCharToMultiByte, MultiByteToWideChar, InterlockedDecrement, CreateMutexA, WaitForSingleObject, LoadResource, ReleaseMutex, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetConsoleMode, GetConsoleCP, SetFilePointer, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, EnterCriticalSection, LeaveCriticalSection, HeapFree, GetProcessHeap, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlUnwind, HeapAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetStartupInfoA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, LCMapStringA, LCMapStringW, HeapCreate, VirtualFree, HeapReAlloc, ExitProcess, WriteFile, GetStdHandle, HeapSize, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime<br>&gt; USER32.dll: CharNextW, CharNextA, PostThreadMessageA, DispatchMessageA, GetMessageA, wsprintfA<br>&gt; ADVAPI32.dll: RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, RegEnumKeyExA, RegOpenKeyA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegQueryInfoKeyA<br>&gt; ole32.dll: CoRegisterClassObject, CoTaskMemRealloc, CoTaskMemAlloc, CoCreateInstance, CoTaskMemFree, StringFromGUID2, CoUninitialize, CoInitialize, CoRevokeClassObject<br>&gt; OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -<br><br>( 0 exports ) <br>

RDS...: NSRL Reference Data Set<br>-

pdfid.: -

trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)

sigcheck:<br>publisher....: Intel Corporation<br>copyright....: Copyright 1999-2006, Intel Corporation<br>product......: Intel(R) Common User Interface<br>description..: igfxsrvc Module<br>original name: IGFXSRVC.EXE<br>internal name: IGFXSRVC<br>file version.: 7.14.10.1666<br>comments.....: <br>signers......: Intel Corporation<br> VeriSign Class 3 Code Signing 2004 CA<br> Class 3 Public Primary Certification Authority<br>signing date.: 8:57 PM 2/26/2009<br>verified.....: -<br>

gut lad dir erstmal kaspersky free runter und dann stelle die dateien unter quarantäne dann las kaspersky mit aktuellen updates laufen und poste dann die logfiles

Zitat:

Zitat von rainboww (Beitrag 506401)

gut lad dir erstmal kaspersky free runter und dann stelle die dateien unter quarantäne dann las kaspersky mit aktuellen updates laufen und poste dann die logfiles

Das Problem wird sein, dass sich mein Laptop auch bei diesem Scanner aufhängen wird...Versuchen kann ich es natürlich.
EDIT: Zudem müsste ich ja Antivira runterschmeißen und ich bin mir sehr sicher, dass das mein Laptop gerade nicht packt und ich mit Pech am Ende sogar ohne Virenschutz dastehe. Gibt es nicht vielleicht irgendein anderes,kleineres Programm, was noch helfen könnte?

gut dann hole dir Avira AntiVir Rescue System von einem sauberen system und brenne es auf cd oder mach es aufn usb stick

http://www.free-av.com/de/produkte/12/avira_antivir_rescue_system.html