
Topic: Hijacker/Trojan or something like that

  1. #1
    chrusty90 (forum user)
    Registered: 04.05.2008
    Posts: 47

    Hijacker/Trojan or something like that

    Hello,

    My computer seems to be remote-controlled and I can no longer do many administrative things.
    What I have noticed is that the Security Center has been deactivated, but I can't switch it back on either...

    I have Windows Vista on a Medion laptop... not much works any more...

    It would be great if someone could help me somehow... Here is the log file:

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 19:51:05, on 02.05.2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    
    Running processes:
    C:\Windows\Explorer.EXE
    C:\Users\Christian\AppData\Local\Temp\Temp2_hijackthis_199.zip\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
    O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing)
    O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing)
    O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix: 
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
    O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    Edited by Petra (28.05.2008 at 00:10). Reason: code tags inserted

  2. #2
    schrauber
    Guest

    Re: Hijacker/Trojan or something like that

    Hello chrusty90, welcome to the HijackThis Support Board.

    Cleaning a system can be laborious and may involve quite a bit of work for you. It is important that you keep working with us until we say that the computer is "clean", even if the symptoms should disappear after the first actions. This also means not installing any further programs or running any scans unless instructed to do so here. If you are prepared to do that, work through the following points in the order given. It is best to print out the instructions for cleaning your system. Read everything through first, and if anything is unclear to you, please ask before you continue.

    When you have finished working through the individual points, check carefully that you have not forgotten any point and that you have posted all requested log files in code tags. Keep adding to your most recent post via the "Edit" button until someone has replied to you. Important: during our cleaning phase, please install only programs that we instruct you to install. Please do not carry out any of the actions we instruct from a restricted user account; use the main user account.

    1st step
    Can you see everything on your computer?

    In Windows Explorer > Tools > Folder Options > the "View" tab > Hidden files and folders > enable "Show all files and folders", and > Tools > Folder Options > the "View" tab > Files and folders > disable "Hide protected operating system files (Recommended)".

    2nd step
    Download the current version of HijackThis here.

    The HijackThis program must run in its own folder so that it can create backups.

    Start HJT, click "do a system scan and save a logfile" and post the log here in your thread.

    Please put the log in code tags. It makes the evaluation easier for us! (no attachments)

    Write it like this: [Code], then insert what is to be posted, then write [/Code].

    The result then looks like this:
    Code:
    ("here you then see what you want to post to us!")



    3rd step
    Create a file list with HJTscanlist.bat
    I would like to look at the contents of some critical directories on your system. To do this, download the following file: HJTscanlist.zip. Unpack the file to your desktop. The file HJTscanlist.bat is now on the desktop; double-click it to start it. Select your operating system. When asked for the setting, please use option no. 1 (Scanlist). The file list is now created, opened in your editor and saved as hjtscanlist.txt on your desktop. Post the contents of the file list here in the thread.
    If you have Windows XP Home or Windows 2000, please download tasklist.zip and unpack it to C:\Windows\system32 or C:\WINNT\system32 respectively, so that HJTscanlist can create a task list. By way of explanation: the tool tasklist.exe is only included in Windows Professional and has to be installed separately on Windows XP Home.

    4th step
    Please download Deckard's System Scanner (DSS) and save it on your desktop.
    NB: You must be logged in with administrator rights to be able to run this program.

    1. Close ALL applications and windows.
    2. Double-click dss.exe to run it and follow the prompts.
    3. When the scan is complete, two text files will open:

    main.txt <- this one is displayed maximized and
    extra.txt <- this one is displayed minimized

    4. Copy (CTRL+A and CTRL+C) and paste (CTRL+V) the contents of main.txt and the contents of extra.txt into your next reply.

    The log files can become very long.

    Please put the logs in code tags.

    5th step
    Step 1
    First make sure that you can see everything on your computer:
    (see these illustrations, our thanks to Rene-gad)
    In the folder options, first remove the check mark at "Hide protected operating system files", and a little further down, under "Hidden folders and directories", select "Show all files and folders".

    Step 2
    File check
    (If you cannot find the file(s), you can use Process Explorer to show us the requested details)
    Please right-click the file(s) named below, look at what is listed under Properties, and copy these details (file version, file description, copyright holder, company name) here into your thread for:

    C:\Windows\system32\afinding.exe
    C:\Windows\system32\perfs.exe
    C:\Windows\system32\routing.exe
    C:\Windows\system32\wserving.exe


    Step 3
    File verification
    Could you scan >>these<< file(s), preferably with Virustotal, and when the result is available, press the small "filter" button, then copy the result (whatever it looks like) and post it here.
    Alternatively, you can also have these file(s) scanned at virscan or at jotti:

    C:\Windows\system32\afinding.exe
    C:\Windows\system32\perfs.exe
    C:\Windows\system32\routing.exe
    C:\Windows\system32\wserving.exe


    Give us >>all individual scan results via copy & paste<<, including file size and name, MD5 and SHA1 (example).

    If it turns out to be malware, please do not delete the files, since we would like to have them uploaded to the vendors of antivirus and antispyware programs and removers, so that our users' systems can be protected in future.

    A note for you until we know exactly what is going on with your computer:

    Please disconnect the computer from the network.
    Until a possible cleaning or the formatting of your system, do no online banking, file sharing, mailing or messaging.
    No uploads or downloads, except from security sites.
    All passwords stored on this system must be replaced with new ones (but not while the computer is still infected!!).

    More information on this topic under System Security

    Post all logs in your next reply.


    Regards,

    schrauber
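
The four paths requested in the post above are exactly the O23 service entries in the first log that HijackThis lists with "Unknown owner", with a binary directly in C:\Windows\system32 and no "(file missing)" marker. As an added example (not part of the original thread; the selection rule is an assumption, since the thread does not say how the files were chosen), a small parser that reproduces that shortlist from O23 lines excerpted from the posted log:

```python
import ntpath
from typing import List, NamedTuple, Optional

# O23 lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
"""

PREFIX = "O23 - Service: "
MISSING = "(file missing)"


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse one 'O23 - Service: <name> - <owner> - <path>' log line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Service names can contain " - " themselves (see the Firebird entry),
    # so the owner and path are taken from the right-hand end.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return Service(name, owner, path, missing)


def in_system32(path: str) -> bool:
    # Assumption: Windows is installed in C:\Windows, as in the posted log.
    p = path.lower()
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, r"c:\windows")
    return ntpath.dirname(ntpath.normpath(p)) == r"c:\windows\system32"


def services_to_review(log_text: str) -> List[Service]:
    """Shortlist services with no owner string whose binary is in system32."""
    hits = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if (svc.owner.lower() == "unknown owner"
                and not svc.file_missing
                and in_system32(svc.path)):
            hits.append(svc)
    return hits


if __name__ == "__main__":
    for svc in services_to_review(SAMPLE_LOG):
        print(f"{svc.name}: {svc.path}")
```

A hit is only a shortlist for the file-properties check and the multi-scanner upload that the post asks for, not a verdict on the file.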

  3. #3
    chrusty90 (forum user)
    Registered: 04.05.2008
    Posts: 47

    Re: Hijacker/Trojan or something like that

    Step 1:
    done


    Step 2:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:27:07, on 04.05.2008
    Platform: Windows Vista  (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Safe mode with network support
    
    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\ICQ6\ICQ.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing)
    O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing)
    O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing) (HKCU)
    O13 - Gopher Prefix: 
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
    O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
    O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    
    --
    End of file - 10047 bytes

    Step 3:

    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 6.0.6000]
     
     
    C:
    
    C:\Program Files 
    C:\pagefile.sys 
    C:\$RECYCLE.BIN 
    C:\Users 
    C:\Windows 
    C:\ProgramData 
    C:\System Volume Information 
    C:\Bucharchiv-Datenbank 
    C:\Buch80 
    C:\crashAddress.txt 
    C:\Programme 
    C:\Dokumente und Einstellungen 
    C:\MSDOS.SYS 
    C:\IO.SYS 
    C:\MyWorks 
    C:\MSOCache 
    C:\BOOTSECT.BAK 
    C:\Boot 
    C:\Intel 
    C:\Documents and Settings 
    C:\bootmgr 
    C:\config.sys 
    C:\autoexec.bat 
    ----------------------------------------
    
     
    C:\Windows
    
    C:\Windows\ntbtlog.txt 
    C:\Windows\bootstat.dat 
    C:\Windows\WindowsUpdate.log 
    C:\Windows\NeroDigital.ini 
    C:\Windows\PFRO.log 
    C:\Windows\setupact.log 
    C:\Windows\iun503.exe 
    C:\Windows\DirectX.log 
    C:\Windows\DPINST.LOG 
    C:\Windows\S0CA640A5.tmp 
    C:\Windows\WLXPGSS.SCR 
    C:\Windows\eReg.dat 
    C:\Windows\MEMORY.DMP 
    C:\Windows\TSSysprep.log 
    C:\Windows\DtcInstall.log 
    C:\Windows\csup.txt 
    C:\Windows\mgxoschk.ini 
    C:\Windows\KB893803v2.log 
    C:\Windows\WISO.INI 
    C:\Windows\msxml4-KB941833-enu.LOG 
    C:\Windows\explorer.exe 
    C:\Windows\winhlp32.exe 
    C:\Windows\msxml4-KB936181-ita.LOG 
    C:\Windows\msxml4-KB936181-fra.LOG 
    C:\Windows\msxml4-KB936181-esn.LOG 
    C:\Windows\msxml4-KB936181-enu.LOG 
    C:\Windows\msxml4-KB936181-deu.LOG 
    C:\Windows\DIFxAPI.dll 
    C:\Windows\UNNeroMediaHome.exe 
    C:\Windows\UNRecode.exe 
    C:\Windows\RtHDVCpl.exe 
    C:\Windows\WindowsShell.Manifest 
    C:\Windows\win.ini 
    C:\Windows\HideWin.exe 
    C:\Windows\PidList.ini 
    C:\Windows\SkyTel.exe 
    C:\Windows\RtlUpd.exe 
    C:\Windows\RtlExUpd.dll 
    C:\Windows\PLFSetL.exe 
    C:\Windows\UNNeroVision.exe 
    C:\Windows\UNNeroBackItUp.exe 
    C:\Windows\UNNeroShowTime.exe 
    C:\Windows\setuperr.log 
    C:\Windows\SETUPAPI.LOG 
    C:\Windows\WMSysPr9.prx 
    C:\Windows\twunk_16.exe 
    C:\Windows\twunk_32.exe 
    C:\Windows\twain_32.dll 
    C:\Windows\twain.dll 
    C:\Windows\notepad.exe 
    C:\Windows\regedit.exe 
    C:\Windows\hh.exe 
    C:\Windows\HelpPane.exe 
    C:\Windows\fveupdate.exe 
    C:\Windows\bfsvc.exe 
    C:\Windows\mib.bin 
    C:\Windows\agrsmdel.exe 
    C:\Windows\HomePremium.xml 
    C:\Windows\system.ini 
    C:\Windows\_default.pif 
    C:\Windows\winhelp.exe 
    C:\Windows\msdfmap.ini 
    C:\Windows\snp2uvc.src 
    C:\Windows\snp2uvc.ini 
    C:\Windows\UNNeroMediaHome.cfg 
    C:\Windows\UNNeroVision.cfg 
    C:\Windows\UNNeroShowTime.cfg 
    C:\Windows\UNRecode.cfg 
    C:\Windows\UNNeroBackItUp.cfg 
    C:\Windows\amcap.exe 
    C:\Windows\CAINDREG.EXE 
    C:\Windows\M3000Twn.src 
    C:\Windows\M3000Twn.ini 
    C:\Windows\WMPrfDan.prx 
    C:\Windows\WMPrfDEU.prx 
    C:\Windows\WMPrfEsp.prx 
    C:\Windows\WMPrfFra.prx 
    C:\Windows\WMPrfIta.prx 
    C:\Windows\WMPrfNLd.prx 
    C:\Windows\WMPrfPtg.prx 
    C:\Windows\Unwise.exe 
    C:\Windows\ST5UNST.EXE 
    ----------------------------------------
    
     
    C:\Windows\System
    
    C:\Windows\System\BisonV07.dll 
    C:\Windows\System\BisonC07.dll 
    C:\Windows\System\DriveIcon.dll 
    C:\Windows\System\S30H0330.csr 
    C:\Windows\System\S30F0330.csr 
    C:\Windows\System\mciwave.drv 
    C:\Windows\System\mciseq.drv 
    C:\Windows\System\avicap.dll 
    C:\Windows\System\avifile.dll 
    C:\Windows\System\mciavi.drv 
    C:\Windows\System\msvideo.dll 
    C:\Windows\System\OLESVR.DLL 
    C:\Windows\System\WFWNET.DRV 
    C:\Windows\System\COMMDLG.DLL 
    C:\Windows\System\TIMER.DRV 
    C:\Windows\System\MMSYSTEM.DLL 
    C:\Windows\System\mmtask.tsk 
    C:\Windows\System\mouse.drv 
    C:\Windows\System\vga.drv 
    C:\Windows\System\sound.drv 
    C:\Windows\System\keyboard.drv 
    C:\Windows\System\SHELL.DLL 
    C:\Windows\System\system.drv 
    C:\Windows\System\ver.dll 
    C:\Windows\System\olecli.dll 
    C:\Windows\System\lzexpand.dll 
    C:\Windows\System\stdole.tlb 
    C:\Windows\System\StillDrv.dll 
    ----------------------------------------
    
     
    C:\Windows\System32
    
    C:\Windows\system32\hjtscanlist.txt 
    C:\Windows\system32\perfh009.dat 
    C:\Windows\system32\perfc009.dat 
    C:\Windows\system32\perfh007.dat 
    C:\Windows\system32\perfc007.dat 
    C:\Windows\system32\PerfStringBackup.INI 
    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
    C:\Windows\system32\andt.sys 
    C:\Windows\system32\catroot2 
    C:\Windows\system32\catroot 
    C:\Windows\system32\FNTCACHE.DAT 
    C:\Windows\system32\de-DE 
    C:\Windows\system32\drivers 
    C:\Windows\system32\migration 
    C:\Windows\system32\1.tsk 
    C:\Windows\system32\mrt.exe 
    C:\Windows\system32\Tasks 
    C:\Windows\system32\tmp0_299761686102.bk 
    C:\Windows\system32\routing.exe 
    C:\Windows\system32\kd1394.dll 
    C:\Windows\system32\srclient.dll 
    C:\Windows\system32\srcore.dll 
    C:\Windows\system32\srdelayed.exe 
    C:\Windows\system32\rstrui.exe 
    C:\Windows\system32\kbd106n.dll 
    C:\Windows\system32\f3ahvoas.dll 
    C:\Windows\system32\win32k.sys 
    C:\Windows\system32\wininet.dll 
    C:\Windows\system32\urlmon.dll 
    C:\Windows\system32\pngfilt.dll 
    C:\Windows\system32\mstime.dll 
    C:\Windows\system32\mshtmled.dll 
    C:\Windows\system32\mshtml.dll 
    C:\Windows\system32\jsproxy.dll 
    C:\Windows\system32\ieui.dll 
    C:\Windows\system32\iernonce.dll 
    C:\Windows\system32\iesetup.dll 
    C:\Windows\system32\ieapfltr.dll 
    C:\Windows\system32\ieframe.dll 
    C:\Windows\system32\icardie.dll 
    C:\Windows\system32\gdi32.dll 
    C:\Windows\system32\dxtrans.dll 
    C:\Windows\system32\dxtmsft.dll 
    C:\Windows\system32\advpack.dll 
    C:\Windows\system32\ieUnatt.exe 
    C:\Windows\system32\ie4uinit.exe 
    C:\Windows\system32\inetcpl.cpl 
    C:\Windows\system32\mshtml.tlb 
    C:\Windows\system32\ci.dll 
    C:\Windows\system32\winload.exe 
    C:\Windows\system32\WebClnt.dll 
    C:\Windows\system32\wpd_ci.dll 
    C:\Windows\system32\clfs.sys 
    C:\Windows\system32\cfgmgr32.dll 
    C:\Windows\system32\drvinst.exe 
    C:\Windows\system32\umpnpmgr.dll 
    C:\Windows\system32\dpx.dll 
    C:\Windows\system32\oleaut32.dll 
    C:\Windows\system32\setupapi.dll 
    C:\Windows\system32\batt.dll 
    C:\Windows\system32\dispci.dll 
    C:\Windows\system32\winresume.exe 
    C:\Windows\system32\nshhttp.dll 
    C:\Windows\system32\lodctr.exe 
    C:\Windows\system32\unlodctr.exe 
    C:\Windows\system32\loadperf.dll 
    C:\Windows\system32\prflbmsg.dll 
    C:\Windows\system32\schedsvc.dll 
    C:\Windows\system32\ntkrnlpa.exe 
    C:\Windows\system32\ntoskrnl.exe 
    C:\Windows\system32\netcfg.exe 
    C:\Windows\system32\tcpipcfg.dll 
    C:\Windows\system32\netiougc.exe 
    C:\Windows\system32\GameUXLegacyGDFs.dll 
    C:\Windows\system32\gameux.dll 
    C:\Windows\system32\QuickTimeVR.qtx 
    C:\Windows\system32\QuickTime.qts 
    C:\Windows\system32\CmdLineExt.dll 
    C:\Windows\system32\sbunattend.exe 
    C:\Windows\system32\mcmde.dll 
    C:\Windows\system32\WDI 
    C:\Windows\system32\LogFiles 
    C:\Windows\system32\NDF 
    C:\Windows\system32\DRVSTORE 
    C:\Windows\system32\dnsrslvr.dll 
    C:\Windows\system32\dnsapi.dll 
    C:\Windows\system32\dnscacheugc.exe 
    C:\Windows\system32\quartz.dll 
    C:\Windows\system32\LAPRXY.DLL 
    C:\Windows\system32\asferror.dll 
    C:\Windows\system32\WMASF.DLL 
    C:\Windows\system32\tzres.dll 
    C:\Windows\system32\restore 
    C:\Windows\system32\license.rtf 
    C:\Windows\system32\sysprep 
    C:\Windows\system32\MAGIX 
    C:\Windows\system32\MsiExec.exe.log 
    C:\Windows\system32\Macromed 
    C:\Windows\system32\ID Device ActiveX_reg 
    ----------------------------------------
    
     
    C:\Windows\Prefetch
    
    C:\Windows\Prefetch\ReadyBoot 
    C:\Windows\Prefetch\AgGlFgAppHistory.db 
    C:\Windows\Prefetch\AgGlFaultHistory.db 
    C:\Windows\Prefetch\AgGlGlobalHistory.db 
    C:\Windows\Prefetch\AgRobust.db 
    C:\Windows\Prefetch\PfSvPerfStats.bin 
    C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf 
    C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf 
    C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf 
    C:\Windows\Prefetch\AVWSC.EXE-A384DC2B.pf 
    C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf 
    C:\Windows\Prefetch\GUARDGUI.EXE-B9785867.pf 
    C:\Windows\Prefetch\OPERA.EXE-E1830577.pf 
    C:\Windows\Prefetch\NET.EXE-1DF3A2F6.pf 
    C:\Windows\Prefetch\NET1.EXE-B8A8247B.pf 
    C:\Windows\Prefetch\ANDT.SYS-E2B529B7.pf 
    C:\Windows\Prefetch\WINMAIL.EXE-D6E90604.pf 
    C:\Windows\Prefetch\ACRORD32.EXE-89736734.pf 
    C:\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf 
    C:\Windows\Prefetch\WMPLAYER.EXE-9DE758AE.pf 
    C:\Windows\Prefetch\WINWORD.EXE-6AC9169C.pf 
    C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf 
    C:\Windows\Prefetch\EHREC.EXE-E7BBE9AA.pf 
    C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf 
    C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1448777459-4231413610-4001056232-1003.db 
    C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1448777459-4231413610-4001056232-1003.db 
    C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf 
    C:\Windows\Prefetch\DFRGNTFS.EXE-4F838A89.pf 
    C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf 
    C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf 
    C:\Windows\Prefetch\Layout.ini 
    C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf 
    C:\Windows\Prefetch\LPREMOVE.EXE-F992050D.pf 
    C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf 
    C:\Windows\Prefetch\AVNOTIFY.EXE-3344516F.pf 
    C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf 
    C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf 
    C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf 
    C:\Windows\Prefetch\USNSVC.EXE-42F10D33.pf 
    C:\Windows\Prefetch\UPDATE.EXE-196C0F6E.pf 
    C:\Windows\Prefetch\PREUPD.EXE-4F99113F.pf 
    C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf 
    C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf 
    C:\Windows\Prefetch\STCLIENT_WRAPPER.EXE-0571C043.pf 
    C:\Windows\Prefetch\SYNTPENH.EXE-4361DC86.pf 
    C:\Windows\Prefetch\EHRECVR.EXE-CABD9D22.pf 
    C:\Windows\Prefetch\MPAPI3S.EXE-C5C10AAB.pf 
    C:\Windows\Prefetch\NMINDEXSTORESVR.EXE-1071025B.pf 
    C:\Windows\Prefetch\PRESENTATIONSETTINGS.EXE-6F4C5E34.pf 
    C:\Windows\Prefetch\EHSCHED.EXE-AE9154E3.pf 
    C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf 
    C:\Windows\Prefetch\WLLOGINPROXY.EXE-E9051163.pf 
    C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf 
    C:\Windows\Prefetch\IEUSER.EXE-D895AB54.pf 
    C:\Windows\Prefetch\SOFFICE.EXE-B13C8790.pf 
    C:\Windows\Prefetch\SOFFICE.BIN-A4CAA06B.pf 
    C:\Windows\Prefetch\SCALC.EXE-27CD8EEB.pf 
    C:\Windows\Prefetch\EXCEL.EXE-63933DC7.pf 
    C:\Windows\Prefetch\VERCLSID.EXE-4D95F5A7.pf 
    C:\Windows\Prefetch\IPODSERVICE.EXE-FE1A6FF7.pf 
    C:\Windows\Prefetch\SIDEBAR.EXE-3A7B3FCC.pf 
    C:\Windows\Prefetch\AVGNT.EXE-E101157F.pf 
    C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf 
    C:\Windows\Prefetch\FLASHUTIL9D.EXE-6EC7BCAE.pf 
    C:\Windows\Prefetch\SERVICELAYER.EXE-C9BD4600.pf 
    C:\Windows\Prefetch\EHMSAS.EXE-6BE9D904.pf 
    C:\Windows\Prefetch\WISLMSVC.EXE-9B294477.pf 
    C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf 
    C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf 
    C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf 
    C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf 
    C:\Windows\Prefetch\ADOBEUPDATER.EXE-D873744E.pf 
    C:\Windows\Prefetch\CONIME.EXE-B273009A.pf 
    C:\Windows\Prefetch\WISSYNLED.EXE-02A1F481.pf 
    C:\Windows\Prefetch\SKYPEPM.EXE-2C1AF4F8.pf 
    C:\Windows\Prefetch\SKYPE.EXE-40964AC7.pf 
    C:\Windows\Prefetch\MSNMSGR.EXE-DD43BBF4.pf 
    C:\Windows\Prefetch\DW20.EXE-FC4A3C10.pf 
    C:\Windows\Prefetch\DWWIN.EXE-EBDA23D8.pf 
    C:\Windows\Prefetch\RUNDLL32.EXE-7768279B.pf 
    C:\Windows\Prefetch\MPCMDRUN.EXE-BB72ED6F.pf 
    C:\Windows\Prefetch\CSC.EXE-3F19622E.pf 
    C:\Windows\Prefetch\GOOGLEEARTH.EXE-21462848.pf 
    C:\Windows\Prefetch\SETUP_WM.EXE-4A6000A5.pf 
    C:\Windows\Prefetch\NMINDEXINGSERVICE.EXE-FBCA8F66.pf 
    C:\Windows\Prefetch\SCHED.EXE-D2CA8342.pf 
    C:\Windows\Prefetch\AVGUARD.EXE-F93E8079.pf 
    C:\Windows\Prefetch\UPDATE.EXE-40A412CE.pf 
    C:\Windows\Prefetch\WINCAL.EXE-468711D0.pf 
    C:\Windows\Prefetch\CVTRES.EXE-3E90B614.pf 
    C:\Windows\Prefetch\CONTROL.EXE-9459D5A0.pf 
    C:\Windows\Prefetch\POWERDV.EXE-15C69172.pf 
    C:\Windows\Prefetch\EHEXTHOST.EXE-8A136323.pf 
    C:\Windows\Prefetch\EHSHELL.EXE-BD99B038.pf 
    C:\Windows\Prefetch\MPSIGSTUB.EXE-322B207A.pf 
    C:\Windows\Prefetch\MPAS-D.EXE-C74E749D.pf 
    C:\Windows\Prefetch\RUNDLL32.EXE-640163B0.pf 
    C:\Windows\Prefetch\RUNDLL32.EXE-2016DC0C.pf 
    C:\Windows\Prefetch\RUNDLL32.EXE-6C53C246.pf 
    C:\Windows\Prefetch\RUNDLL32.EXE-C765AF72.pf 
    C:\Windows\Prefetch\RUNDLL32.EXE-20938590.pf 
    C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf 
    C:\Windows\Prefetch\BUCHARCHIV.EXE-7E31151F.pf 
    C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf 
    C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf 
    C:\Windows\Prefetch\RUNDLL32.EXE-41E85287.pf 
    C:\Windows\Prefetch\ICQ.EXE-FCEF872C.pf 
    C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf 
    C:\Windows\Prefetch\DISTNOTED.EXE-AA90F3EF.pf 
    C:\Windows\Prefetch\APPLEMOBILEDEVICEHELPER.EXE-FD29BBCB.pf 
    C:\Windows\Prefetch\ITUNES.EXE-049DB451.pf 
    C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf 
    C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf 
    C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf 
    C:\Windows\Prefetch\WLXQUICKTIMECONTROLHOST.EXE-43313B7C.pf 
    C:\Windows\Prefetch\MFPMP.EXE-73140A33.pf 
    C:\Windows\Prefetch\WERCON.EXE-FE5CD389.pf 
    C:\Windows\Prefetch\AgCx_SC3_93422D79.db 
    C:\Windows\Prefetch\AgCx_S1_S-1-5-21-1448777459-4231413610-4001056232-1004.snp.db 
    C:\Windows\Prefetch\INDT2.SYS-7A8E4029.pf 
    C:\Windows\Prefetch\AgCx_SC1.db 
    C:\Windows\Prefetch\AgCx_S1_S-1-5-21-1448777459-4231413610-4001056232-1003.snp.db 
    C:\Windows\Prefetch\AgCx_SC1.db.trx 
    C:\Windows\Prefetch\AgCx_SC2.db 
    C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1448777459-4231413610-4001056232-1004.db 
    C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1448777459-4231413610-4001056232-1004.db 
    C:\Windows\Prefetch\AgCx_SC3_6D864410.db 
    C:\Windows\Prefetch\AgCx_S2_S-1-5-21-1448777459-4231413610-4001056232-1004.snp.db 
    C:\Windows\Prefetch\AgAppLaunch.db 
    ----------------------------------------
    
     
    C:\Windows\Tasks
    
    C:\Windows\Tasks\SCHEDLGU.TXT 
    C:\Windows\Tasks\SA.DAT 
    C:\Windows\Tasks\User_Feed_Synchronization-{924DA4FF-ED45-4C9D-84B5-4510E583A7E8}.job 
    C:\Windows\Tasks\User_Feed_Synchronization-{02D65628-E6E3-45D6-854A-BC84A1BD8E52}.job 
    ----------------------------------------
    
     
    C:\Windows\Temp
    
    C:\Windows\Temp\MpCmdRun.log 
    C:\Windows\Temp\MPTelemetrySubmit 
    C:\Windows\Temp\TMP0000002E7B9AF05E62792AAA 
    C:\Windows\Temp\TMP0000002C020F9F665302EB32 
    C:\Windows\Temp\TMP000000378DE0C38C033CDE06 
    C:\Windows\Temp\TMP000000367AF5D4025895723B 
    C:\Windows\Temp\TMP000000360B3B643F8C61846D 
    C:\Windows\Temp\TMP00000036DF8D92969217A029 
    C:\Windows\Temp\lpksetup-20080422-185915-0.log 
    C:\Windows\Temp\lpksetup-20080422-185900-0.log 
    C:\Windows\Temp\ehprivjob.log 
    C:\Windows\Temp\JET8390.tmp 
    C:\Windows\Temp\lpksetup-20080421-221314-0.log 
    C:\Windows\Temp\lpksetup-20080421-221259-0.log 
    C:\Windows\Temp\ehprivjob1.log 
    C:\Windows\Temp\JET5F6D.tmp 
    C:\Windows\Temp\lpksetup-20080421-181132-0.log 
    C:\Windows\Temp\lpksetup-20080421-181118-0.log 
    C:\Windows\Temp\ehprivjob2.log 
    C:\Windows\Temp\JET4597.tmp 
    C:\Windows\Temp\~DF9CA6.tmp 
    C:\Windows\Temp\fwtsqmfile06.sqm 
    C:\Windows\Temp\fwtsqmfile05.sqm 
    C:\Windows\Temp\fwtsqmfile04.sqm 
    C:\Windows\Temp\lpksetup-20080420-185427-0.log 
    C:\Windows\Temp\lpksetup-20080420-185412-0.log 
    C:\Windows\Temp\ehprivjob3.log 
    C:\Windows\Temp\JET6B5F.tmp 
    C:\Windows\Temp\ehprivjob4.log 
    C:\Windows\Temp\JET46CF.tmp 
    C:\Windows\Temp\ehprivjob5.log 
    C:\Windows\Temp\JET61CE.tmp 
    C:\Windows\Temp\lpksetup-20080418-141112-0.log 
    C:\Windows\Temp\lpksetup-20080418-141057-0.log 
    C:\Windows\Temp\ehprivjob6.log 
    C:\Windows\Temp\JET42D9.tmp 
    C:\Windows\Temp\MpSigStub.log 
    C:\Windows\Temp\lpksetup-20080417-165535-0.log 
    C:\Windows\Temp\lpksetup-20080417-165520-0.log 
    C:\Windows\Temp\ehprivjob7.log 
    C:\Windows\Temp\JET4440.tmp 
    C:\Windows\Temp\ehprivjob8.log 
    C:\Windows\Temp\ehprivjob9.log 
    C:\Windows\Temp\JET4549.tmp 
    C:\Windows\Temp\lpksetup-20080416-130821-0.log 
    C:\Windows\Temp\lpksetup-20080416-130801-0.log 
    C:\Windows\Temp\JET45E5.tmp 
    C:\Windows\Temp\fwtsqmfile03.sqm 
    C:\Windows\Temp\lpksetup-20080415-180510-0.log 
    C:\Windows\Temp\lpksetup-20080415-180454-0.log 
    C:\Windows\Temp\JET3E57.tmp 
    C:\Windows\Temp\JET3F60.tmp 
    C:\Windows\Temp\lpksetup-20080413-122343-0.log 
    C:\Windows\Temp\lpksetup-20080413-122251-0.log 
    C:\Windows\Temp\History 
    C:\Windows\Temp\Cookies 
    C:\Windows\Temp\Temporary Internet Files 
    C:\Windows\Temp\JET44EC.tmp 
    C:\Windows\Temp\JET53AB.tmp 
    C:\Windows\Temp\fwtsqmfile02.sqm 
    C:\Windows\Temp\lpksetup-20080411-211245-0.log 
    C:\Windows\Temp\lpksetup-20080411-211229-0.log 
    C:\Windows\Temp\JET690E.tmp 
    C:\Windows\Temp\lpksetup-20080410-230420-0.log 
    C:\Windows\Temp\lpksetup-20080410-230405-0.log 
    C:\Windows\Temp\JET94BF.tmp 
    C:\Windows\Temp\lpksetup-20080410-161536-0.log 
    C:\Windows\Temp\lpksetup-20080410-161511-0.log 
    C:\Windows\Temp\JET477A.tmp 
    C:\Windows\Temp\lpksetup-20080409-175952-0.log 
    C:\Windows\Temp\lpksetup-20080409-175939-0.log 
    C:\Windows\Temp\JET7B18.tmp 
    C:\Windows\Temp\Tag73E.tmp 
    C:\Windows\Temp\Tag190.tmp 
    C:\Windows\Temp\TagFBF2.tmp 
    C:\Windows\Temp\TagF654.tmp 
    C:\Windows\Temp\TagE3AB.tmp 
    C:\Windows\Temp\lpksetup-20080409-093553-0.log 
    C:\Windows\Temp\lpksetup-20080409-093539-0.log 
    C:\Windows\Temp\JETAF70.tmp 
    C:\Windows\Temp\fwtsqmfile01.sqm 
    C:\Windows\Temp\lpksetup-20080408-175014-0.log 
    C:\Windows\Temp\lpksetup-20080408-174959-0.log 
    C:\Windows\Temp\JET758C.tmp 
    C:\Windows\Temp\lpksetup-20080407-203604-0.log 
    C:\Windows\Temp\lpksetup-20080407-203550-0.log 
    C:\Windows\Temp\JET44FC.tmp 
    C:\Windows\Temp\lpksetup-20080407-084323-0.log 
    C:\Windows\Temp\lpksetup-20080407-084304-0.log 
    C:\Windows\Temp\WLXPL_DX 
    C:\Windows\Temp\JET7703.tmp 
    C:\Windows\Temp\fwtsqmfile00.sqm 
    C:\Windows\Temp\lpksetup-20080406-172201-0.log 
    C:\Windows\Temp\lpksetup-20080406-172147-0.log 
    C:\Windows\Temp\JET4BCE.tmp 
    C:\Windows\Temp\lpksetup-20080406-111800-0.log 
    C:\Windows\Temp\lpksetup-20080406-111746-0.log 
    C:\Windows\Temp\fwtsqmfile19.sqm 
    C:\Windows\Temp\lpksetup-20080405-104258-0.log 
    C:\Windows\Temp\lpksetup-20080405-104239-0.log 
    C:\Windows\Temp\JET68C0.tmp 
    C:\Windows\Temp\lpksetup-20080404-195614-0.log 
    C:\Windows\Temp\lpksetup-20080404-195559-0.log 
    C:\Windows\Temp\JET94B0.tmp 
    C:\Windows\Temp\lpksetup-20080403-174808-0.log 
    C:\Windows\Temp\lpksetup-20080403-174754-0.log 
    C:\Windows\Temp\JET6E3C.tmp 
    C:\Windows\Temp\fwtsqmfile18.sqm 
    C:\Windows\Temp\lpksetup-20080402-130048-0.log 
    C:\Windows\Temp\lpksetup-20080402-130030-0.log 
    C:\Windows\Temp\JET3BF8.tmp 
    C:\Windows\Temp\JET6E9B.tmp 
    C:\Windows\Temp\lpksetup-20080401-161308-0.log 
    C:\Windows\Temp\lpksetup-20080401-161253-0.log 
    C:\Windows\Temp\JET44BD.tmp 
    C:\Windows\Temp\lpksetup-20080331-222954-0.log 
    C:\Windows\Temp\lpksetup-20080331-222940-0.log 
    C:\Windows\Temp\JET47D8.tmp 
    C:\Windows\Temp\lpksetup-20080330-115739-0.log 
    C:\Windows\Temp\lpksetup-20080330-115724-0.log 
    C:\Windows\Temp\JET4846.tmp 
    C:\Windows\Temp\lpksetup-20080329-232013-0.log 
    C:\Windows\Temp\lpksetup-20080329-231958-0.log 
    C:\Windows\Temp\JET5FAC.tmp 
    C:\Windows\Temp\lpksetup-20080329-104615-0.log 
    C:\Windows\Temp\lpksetup-20080329-104504-0.log 
    C:\Windows\Temp\JET4875.tmp 
    C:\Windows\Temp\JET52A1.tmp 
    C:\Windows\Temp\fwtsqmfile17.sqm 
    C:\Windows\Temp\JET4F19.tmp 
    C:\Windows\Temp\lpksetup-20080327-211217-0.log 
    C:\Windows\Temp\lpksetup-20080327-211156-0.log 
    C:\Windows\Temp\JET5917.tmp 
    C:\Windows\Temp\fwtsqmfile16.sqm 
    C:\Windows\Temp\lpksetup-20080326-112743-0.log 
    C:\Windows\Temp\lpksetup-20080326-112720-0.log 
    C:\Windows\Temp\JET473C.tmp 
    C:\Windows\Temp\lpksetup-20080325-172623-0.log 
    C:\Windows\Temp\lpksetup-20080325-172609-0.log 
    C:\Windows\Temp\JET47C8.tmp 
    C:\Windows\Temp\fwtsqmfile15.sqm 
    C:\Windows\Temp\lpksetup-20080325-133338-0.log 
    C:\Windows\Temp\lpksetup-20080325-133324-0.log 
    C:\Windows\Temp\lpksetup-20080325-113105-0.log 
    C:\Windows\Temp\lpksetup-20080325-113051-0.log 
    C:\Windows\Temp\fwtsqmfile14.sqm 
    C:\Windows\Temp\lpksetup-20080324-150704-0.log 
    C:\Windows\Temp\lpksetup-20080324-150651-0.log 
    C:\Windows\Temp\JET41D0.tmp 
    C:\Windows\Temp\fwtsqmfile13.sqm 
    C:\Windows\Temp\lpksetup-20080323-102339-0.log 
    C:\Windows\Temp\lpksetup-20080323-102322-0.log 
    C:\Windows\Temp\JETB125.tmp 
    C:\Windows\Temp\fwtsqmfile12.sqm 
    C:\Windows\Temp\lpksetup-20080322-163024-0.log 
    C:\Windows\Temp\lpksetup-20080322-163008-0.log 
    C:\Windows\Temp\JET63F0.tmp 
    C:\Windows\Temp\lpksetup-20080322-120955-0.log 
    C:\Windows\Temp\lpksetup-20080322-120941-0.log 
    C:\Windows\Temp\fwtsqmfile11.sqm 
    C:\Windows\Temp\lpksetup-20080321-165417-0.log 
    C:\Windows\Temp\lpksetup-20080321-165401-0.log 
    C:\Windows\Temp\JET562A.tmp 
    C:\Windows\Temp\~DFCF1A.tmp 
    C:\Windows\Temp\lpksetup-20080320-204302-0.log 
    C:\Windows\Temp\lpksetup-20080320-204240-0.log 
    C:\Windows\Temp\JET44BC.tmp 
    C:\Windows\Temp\lpksetup-20080320-103701-0.log 
    C:\Windows\Temp\lpksetup-20080320-103629-0.log 
    C:\Windows\Temp\JET4FE3.tmp 
    C:\Windows\Temp\lpksetup-20080319-143828-0.log 
    C:\Windows\Temp\lpksetup-20080319-143806-0.log 
    C:\Windows\Temp\JET6DFE.tmp 
    C:\Windows\Temp\lpksetup-20080319-120538-0.log 
    C:\Windows\Temp\lpksetup-20080319-120404-0.log 
    C:\Windows\Temp\~DFCDC4.tmp 
    C:\Windows\Temp\JET4672.tmp 
    C:\Windows\Temp\lpksetup-20080318-171811-0.log 
    C:\Windows\Temp\lpksetup-20080318-171429-0.log 
    C:\Windows\Temp\JET5F8C.tmp 
    C:\Windows\Temp\JET88CE.tmp 
    C:\Windows\Temp\JET5CCE.tmp 
    C:\Windows\Temp\lpksetup-20080317-173606-0.log 
    C:\Windows\Temp\lpksetup-20080317-173551-0.log 
    C:\Windows\Temp\JET7399.tmp 
    C:\Windows\Temp\lpksetup-20080316-184610-0.log 
    C:\Windows\Temp\lpksetup-20080316-184537-0.log 
    C:\Windows\Temp\JET3F40.tmp 
    C:\Windows\Temp\~DFF8E8.tmp 
    C:\Windows\Temp\lpksetup-20080315-201117-0.log 
    C:\Windows\Temp\lpksetup-20080315-201101-0.log 
    C:\Windows\Temp\JET4DA2.tmp 
    C:\Windows\Temp\lpksetup-20080314-234608-0.log 
    C:\Windows\Temp\lpksetup-20080314-234551-0.log 
    C:\Windows\Temp\JET5EB2.tmp 
    C:\Windows\Temp\lpksetup-20080314-160052-0.log 
    C:\Windows\Temp\lpksetup-20080314-160030-0.log 
    C:\Windows\Temp\JET341A.tmp 
    C:\Windows\Temp\lpksetup-20080313-155223-0.log 
    C:\Windows\Temp\lpksetup-20080313-155208-0.log 
    C:\Windows\Temp\JET4F18.tmp 
    C:\Windows\Temp\fwtsqmfile10.sqm 
    C:\Windows\Temp\lpksetup-20080312-195621-0.log 
    C:\Windows\Temp\lpksetup-20080312-195607-0.log 
    C:\Windows\Temp\JET42AB.tmp 
    C:\Windows\Temp\lpksetup-20080312-172410-0.log 
    C:\Windows\Temp\lpksetup-20080312-172354-0.log 
    C:\Windows\Temp\JET54E2.tmp 
    C:\Windows\Temp\JET403A.tmp 
    C:\Windows\Temp\JET79FF.tmp 
    C:\Windows\Temp\lpksetup-20080311-151709-0.log 
    C:\Windows\Temp\lpksetup-20080311-151655-0.log 
    C:\Windows\Temp\JET6C49.tmp 
    C:\Windows\Temp\fwtsqmfile09.sqm 
    C:\Windows\Temp\lpksetup-20080311-121355-0.log 
    C:\Windows\Temp\lpksetup-20080311-121338-0.log 
    C:\Windows\Temp\JET40D7.tmp 
    C:\Windows\Temp\lpksetup-20080310-182708-0.log 
    C:\Windows\Temp\lpksetup-20080310-182654-0.log 
    C:\Windows\Temp\JET3BC7.tmp 
    C:\Windows\Temp\JET3DAC.tmp 
    C:\Windows\Temp\lpksetup-20080310-085931-0.log 
    C:\Windows\Temp\lpksetup-20080310-085913-0.log 
    C:\Windows\Temp\JET6E9A.tmp 
    C:\Windows\Temp\lpksetup-20080309-202023-0.log 
    C:\Windows\Temp\lpksetup-20080309-202005-0.log 
    C:\Windows\Temp\JET3F50.tmp 
    C:\Windows\Temp\lpksetup-20080309-141328-0.log 
    C:\Windows\Temp\lpksetup-20080309-141312-0.log 
    C:\Windows\Temp\JET4B61.tmp 
    C:\Windows\Temp\lpksetup-20080309-114411-0.log 
    C:\Windows\Temp\lpksetup-20080309-114356-0.log 
    C:\Windows\Temp\JET52B1.tmp 
    C:\Windows\Temp\lpksetup-20080308-174904-0.log 
    C:\Windows\Temp\lpksetup-20080308-174849-0.log 
    C:\Windows\Temp\JET401B.tmp 
    C:\Windows\Temp\fwtsqmfile08.sqm 
    C:\Windows\Temp\lpksetup-20080307-140531-0.log 
    C:\Windows\Temp\lpksetup-20080307-140508-0.log 
    C:\Windows\Temp\JET40A7.tmp 
    C:\Windows\Temp\lpksetup-20080307-063846-0.log 
    C:\Windows\Temp\lpksetup-20080307-063830-0.log 
    C:\Windows\Temp\JET5FBB.tmp 
    C:\Windows\Temp\lpksetup-20080306-162213-0.log 
    C:\Windows\Temp\lpksetup-20080306-162158-0.log 
    C:\Windows\Temp\JET4845.tmp 
    C:\Windows\Temp\lpksetup-20080305-162503-0.log 
    C:\Windows\Temp\lpksetup-20080305-162440-0.log 
    C:\Windows\Temp\JET4604.tmp 
    C:\Windows\Temp\lpksetup-20080305-090810-0.log 
    C:\Windows\Temp\lpksetup-20080305-090742-0.log 
    C:\Windows\Temp\JET4921.tmp 
    C:\Windows\Temp\lpksetup-20080304-173343-0.log 
    C:\Windows\Temp\lpksetup-20080304-173329-0.log 
    C:\Windows\Temp\JET54C3.tmp 
    C:\Windows\Temp\JET555F.tmp 
    C:\Windows\Temp\lpksetup-20080303-132001-0.log 
    C:\Windows\Temp\lpksetup-20080303-131948-0.log 
    C:\Windows\Temp\JET5B58.tmp 
    C:\Windows\Temp\lpksetup-20080302-190923-0.log 
    C:\Windows\Temp\lpksetup-20080302-190904-0.log 
    C:\Windows\Temp\JET4D16.tmp 
    C:\Windows\Temp\lpksetup-20080302-110611-0.log 
    C:\Windows\Temp\lpksetup-20080302-110551-0.log 
    C:\Windows\Temp\JET46A1.tmp 
    C:\Windows\Temp\lpksetup-20080301-183233-0.log 
    C:\Windows\Temp\lpksetup-20080301-183215-0.log 
    C:\Windows\Temp\JET48B2.tmp 
    C:\Windows\Temp\lpksetup-20080229-232102-0.log 
    C:\Windows\Temp\lpksetup-20080229-232046-0.log 
    C:\Windows\Temp\JET40C6.tmp 
    C:\Windows\Temp\lpksetup-20080229-140843-0.log 
    C:\Windows\Temp\lpksetup-20080229-140823-0.log 
    C:\Windows\Temp\JET4079.tmp 
    C:\Windows\Temp\lpksetup-20080228-162000-0.log 
    C:\Windows\Temp\lpksetup-20080228-161946-0.log 
    C:\Windows\Temp\JET449D.tmp 
    C:\Windows\Temp\lpksetup-20080227-130542-0.log 
    C:\Windows\Temp\lpksetup-20080227-130524-0.log 
    C:\Windows\Temp\JET3DAB.tmp 
    C:\Windows\Temp\lpksetup-20080226-175629-0.log 
    C:\Windows\Temp\lpksetup-20080226-175615-0.log 
    C:\Windows\Temp\JET3B0E.tmp 
    C:\Windows\Temp\lpksetup-20080225-182125-0.log 
    C:\Windows\Temp\lpksetup-20080225-182110-0.log 
    C:\Windows\Temp\JET3B0D.tmp 
    C:\Windows\Temp\lpksetup-20080224-185321-0.log 
    C:\Windows\Temp\lpksetup-20080224-185306-0.log 
    C:\Windows\Temp\JET3B98.tmp 
    C:\Windows\Temp\lpksetup-20080223-180517-0.log 
    C:\Windows\Temp\lpksetup-20080223-180504-0.log 
    C:\Windows\Temp\JET4384.tmp 
    C:\Windows\Temp\lpksetup-20080222-180916-0.log 
    C:\Windows\Temp\lpksetup-20080222-180855-0.log 
    C:\Windows\Temp\JET3938.tmp 
    C:\Windows\Temp\JET3B0C.tmp 
    C:\Windows\Temp\lpksetup-20080221-162354-0.log 
    C:\Windows\Temp\lpksetup-20080221-162339-0.log 
    C:\Windows\Temp\JET37C2.tmp 
    C:\Windows\Temp\lpksetup-20080220-195659-0.log 
    C:\Windows\Temp\lpksetup-20080220-195641-0.log 
    C:\Windows\Temp\JET3811.tmp 
    C:\Windows\Temp\lpksetup-20080220-151859-0.log 
    C:\Windows\Temp\lpksetup-20080220-151839-0.log 
    C:\Windows\Temp\JET360F.tmp 
    C:\Windows\Temp\lpksetup-20080219-175241-0.log 
    C:\Windows\Temp\lpksetup-20080219-175227-0.log 
    C:\Windows\Temp\JET381F.tmp 
    C:\Windows\Temp\lpksetup-20080218-221909-0.log 
    C:\Windows\Temp\lpksetup-20080218-221856-0.log 
    C:\Windows\Temp\JET5002.tmp 
    C:\Windows\Temp\lpksetup-20080218-175613-0.log 
    C:\Windows\Temp\lpksetup-20080218-175559-0.log 
    C:\Windows\Temp\JET38EA.tmp 
    C:\Windows\Temp\lpksetup-20080218-082535-0.log 
    C:\Windows\Temp\lpksetup-20080218-082516-0.log 
    C:\Windows\Temp\JET448E.tmp 
    C:\Windows\Temp\JET4816.tmp 
    C:\Windows\Temp\lpksetup-20080217-163900-0.log 
    C:\Windows\Temp\lpksetup-20080217-163839-0.log 
    C:\Windows\Temp\JET4191.tmp 
    C:\Windows\Temp\lpksetup-20080216-172014-0.log 
    C:\Windows\Temp\lpksetup-20080216-171958-0.log 
    C:\Windows\Temp\JET475C.tmp 
    C:\Windows\Temp\lpksetup-20080215-191747-0.log 
    C:\Windows\Temp\lpksetup-20080215-191726-0.log 
    C:\Windows\Temp\JET62F6.tmp 
    C:\Windows\Temp\JET5955.tmp 
    C:\Windows\Temp\WER8021.tmp.hdmp 
    C:\Windows\Temp\WER7DFE.tmp.appcompat.txt 
    C:\Windows\Temp\WER7DFD.tmp.version.txt 
    C:\Windows\Temp\lpksetup-20080214-162511-0.log 
    C:\Windows\Temp\lpksetup-20080214-162444-0.log 
    C:\Windows\Temp\JET3764.tmp 
    C:\Windows\Temp\fwtsqmfile07.sqm 
    C:\Windows\Temp\lpksetup-20080213-150913-0.log 
    C:\Windows\Temp\lpksetup-20080213-150855-0.log 
    C:\Windows\Temp\JET3552.tmp 
    C:\Windows\Temp\JET3F6F.tmp 
    C:\Windows\Temp\lpksetup-20080212-215901-0.log 
    C:\Windows\Temp\lpksetup-20080212-215848-0.log 
    C:\Windows\Temp\JET3810.tmp 
    C:\Windows\Temp\lpksetup-20080212-180913-0.log 
    C:\Windows\Temp\lpksetup-20080212-180856-0.log 
    C:\Windows\Temp\JET3532.tmp 
    C:\Windows\Temp\lpksetup-20080211-180933-0.log 
    C:\Windows\Temp\lpksetup-20080211-180920-0.log 
    C:\Windows\Temp\JET360E.tmp 
    C:\Windows\Temp\lpksetup-20080211-085130-0.log 
    C:\Windows\Temp\lpksetup-20080211-085117-0.log 
    C:\Windows\Temp\lpksetup-20080210-184759-0.log 
    C:\Windows\Temp\lpksetup-20080210-184746-0.log 
    C:\Windows\Temp\JET3C54.tmp 
    C:\Windows\Temp\lpksetup-20080210-123253-0.log 
    C:\Windows\Temp\lpksetup-20080210-123240-0.log 
    C:\Windows\Temp\JET44EB.tmp 
    C:\Windows\Temp\lpksetup-20080209-183938-0.log 
    C:\Windows\Temp\lpksetup-20080209-183926-0.log 
    C:\Windows\Temp\JET5C61.tmp 
    C:\Windows\Temp\lpksetup-20080208-230025-0.log 
    C:\Windows\Temp\lpksetup-20080208-230012-0.log 
    C:\Windows\Temp\JET40D6.tmp 
    C:\Windows\Temp\lpksetup-20080208-153046-0.log 
    C:\Windows\Temp\lpksetup-20080208-153029-0.log 
    C:\Windows\Temp\JET3976.tmp 
    C:\Windows\Temp\JET4B13.tmp 
    C:\Windows\Temp\lpksetup-20080207-165904-0.log 
    C:\Windows\Temp\lpksetup-20080207-165850-0.log 
    C:\Windows\Temp\JET35BF.tmp 
    C:\Windows\Temp\JET43B3.tmp 
    C:\Windows\Temp\JET35AF.tmp 
    C:\Windows\Temp\JET4078.tmp 
    C:\Windows\Temp\lpksetup-20080205-173517-0.log 
    C:\Windows\Temp\lpksetup-20080205-173502-0.log 
    C:\Windows\Temp\JET53AA.tmp 
    C:\Windows\Temp\lpksetup-20080205-001904-0.log 
    C:\Windows\Temp\lpksetup-20080205-001847-0.log 
    C:\Windows\Temp\JET451A.tmp 
    C:\Windows\Temp\lpksetup-20080204-164034-0.log 
    C:\Windows\Temp\lpksetup-20080204-164019-0.log 
    C:\Windows\Temp\JET6547.tmp 
    C:\Windows\Temp\lpksetup-20080203-105558-0.log 
    C:\Windows\Temp\lpksetup-20080203-105542-0.log 
    C:\Windows\Temp\JET3E56.tmp 
    C:\Windows\Temp\lpksetup-20080202-122456-0.log 
    C:\Windows\Temp\lpksetup-20080202-122442-0.log 
    C:\Windows\Temp\JET3E85.tmp 
    C:\Windows\Temp\lpksetup-20080201-121501-0.log 
    C:\Windows\Temp\lpksetup-20080201-121439-0.log 
    C:\Windows\Temp\JET52D0.tmp 
    C:\Windows\Temp\lpksetup-20080131-133958-0.log 
    C:\Windows\Temp\lpksetup-20080131-133945-0.log 
    C:\Windows\Temp\JET6CA6.tmp 
    C:\Windows\Temp\lpksetup-20080130-201942-0.log 
    C:\Windows\Temp\lpksetup-20080130-201928-0.log 
    C:\Windows\Temp\JET4A19.tmp 
    C:\Windows\Temp\lpksetup-20080130-141839-0.log 
    C:\Windows\Temp\lpksetup-20080130-141825-0.log 
    C:\Windows\Temp\JET6B30.tmp 
    C:\Windows\Temp\lpksetup-20080129-200632-0.log 
    C:\Windows\Temp\lpksetup-20080129-200619-0.log 
    C:\Windows\Temp\JET60E4.tmp 
    C:\Windows\Temp\lpksetup-20080129-171733-0.log 
    C:\Windows\Temp\lpksetup-20080129-171719-0.log 
    C:\Windows\Temp\JET6566.tmp 
    C:\Windows\Temp\tmp00007c1c 
    C:\Windows\Temp\lpksetup-20080128-192748-0.log 
    C:\Windows\Temp\lpksetup-20080128-192735-0.log 
    C:\Windows\Temp\JET7167.tmp 
    C:\Windows\Temp\JET36F7.tmp 
    C:\Windows\Temp\lpksetup-20080127-162416-0.log 
    C:\Windows\Temp\lpksetup-20080127-162403-0.log 
    C:\Windows\Temp\JET3F9E.tmp 
    C:\Windows\Temp\lpksetup-20080127-111124-0.log 
    C:\Windows\Temp\lpksetup-20080127-111110-0.log 
    C:\Windows\Temp\JET3CE0.tmp 
    C:\Windows\Temp\lpksetup-20080126-221511-0.log 
    C:\Windows\Temp\lpksetup-20080126-221453-0.log 
    C:\Windows\Temp\lpksetup-20080126-200412-0.log 
    C:\Windows\Temp\lpksetup-20080126-200359-0.log 
    C:\Windows\Temp\JET4671.tmp 
    C:\Windows\Temp\lpksetup-20080126-125933-0.log 
    C:\Windows\Temp\lpksetup-20080126-125918-0.log 
    C:\Windows\Temp\JET41C0.tmp 
    C:\Windows\Temp\lpksetup-20080125-190841-0.log 
    C:\Windows\Temp\lpksetup-20080125-190822-0.log 
    C:\Windows\Temp\JET3ED3.tmp 
    C:\Windows\Temp\tmp000008a6 
    C:\Windows\Temp\JET3EA4.tmp 
    C:\Windows\Temp\lpksetup-20080124-173817-0.log 
    C:\Windows\Temp\lpksetup-20080124-173803-0.log 
    C:\Windows\Temp\JET3E47.tmp 
    C:\Windows\Temp\lpksetup-20080124-075248-0.log 
    C:\Windows\Temp\lpksetup-20080124-075234-0.log 
    C:\Windows\Temp\JET5714.tmp 
    C:\Windows\Temp\lpksetup-20080123-220611-0.log 
    C:\Windows\Temp\lpksetup-20080123-220556-0.log 
    C:\Windows\Temp\JET3E29.tmp 
    C:\Windows\Temp\lpksetup-20080123-165237-0.log 
    C:\Windows\Temp\lpksetup-20080123-165215-0.log 
    C:\Windows\Temp\JET7C31.tmp 
    C:\Windows\Temp\lpksetup-20080122-192938-0.log 
    C:\Windows\Temp\lpksetup-20080122-192925-0.log 
    C:\Windows\Temp\JET5169.tmp 
    C:\Windows\Temp\JET50DD.tmp 
    C:\Windows\Temp\lpksetup-20080122-140032-0.log 
    C:\Windows\Temp\lpksetup-20080122-140019-0.log 
    C:\Windows\Temp\JET49AD.tmp 
    C:\Windows\Temp\lpksetup-20080122-104114-0.log 
    C:\Windows\Temp\lpksetup-20080122-104057-0.log 
    C:\Windows\Temp\JET4CA8.tmp 
    C:\Windows\Temp\lpksetup-20080121-203318-0.log 
    C:\Windows\Temp\lpksetup-20080121-203305-0.log 
    C:\Windows\Temp\JET46A0.tmp 
    C:\Windows\Temp\lpksetup-20080121-164740-0.log 
    C:\Windows\Temp\lpksetup-20080121-164726-0.log 
    C:\Windows\Temp\JET4088.tmp 
    C:\Windows\Temp\lpksetup-20080120-213411-0.log 
    C:\Windows\Temp\lpksetup-20080120-213354-0.log 
    C:\Windows\Temp\JET3DBA.tmp 
    C:\Windows\Temp\lpksetup-20080120-143116-0.log 
    C:\Windows\Temp\lpksetup-20080120-143102-0.log 
    C:\Windows\Temp\JET5946.tmp 
    C:\Windows\Temp\lpksetup-20080120-113251-0.log 
    C:\Windows\Temp\lpksetup-20080120-113236-0.log 
    C:\Windows\Temp\JET44FB.tmp 
    C:\Windows\Temp\JET5A30.tmp 
    C:\Windows\Temp\lpksetup-20080119-234829-0.log 
    C:\Windows\Temp\lpksetup-20080119-234816-0.log 
    C:\Windows\Temp\JET6FA3.tmp 
    C:\Windows\Temp\JET360D.tmp 
    C:\Windows\Temp\JET2A3A.tmp 
    C:\Windows\Temp\JET3E28.tmp 
    C:\Windows\Temp\lpksetup-20080118-181419-0.log 
    C:\Windows\Temp\lpksetup-20080118-181400-0.log 
    C:\Windows\Temp\JET33FA.tmp 
    C:\Windows\Temp\JET3458.tmp 
    C:\Windows\Temp\lpksetup-20080116-163431-0.log 
    C:\Windows\Temp\lpksetup-20080116-163407-0.log 
    C:\Windows\Temp\JET4920.tmp 
    C:\Windows\Temp\lpksetup-20080116-083656-0.log 
    C:\Windows\Temp\lpksetup-20080116-083642-0.log 
    C:\Windows\Temp\lpksetup-20080115-202000-0.log 
    C:\Windows\Temp\lpksetup-20080115-201947-0.log 
    C:\Windows\Temp\JET39E4.tmp 
    C:\Windows\Temp\lpksetup-20080115-112255-0.log 
    C:\Windows\Temp\lpksetup-20080115-112242-0.log 
    C:\Windows\Temp\JET4D54.tmp 
    C:\Windows\Temp\lpksetup-20080114-165157-0.log 
    C:\Windows\Temp\lpksetup-20080114-165144-0.log 
    C:\Windows\Temp\JET33CC.tmp 
    C:\Windows\Temp\lpksetup-20080113-221252-0.log 
    C:\Windows\Temp\lpksetup-20080113-221153-0.log 
    C:\Windows\Temp\JET3BF7.tmp 
    C:\Windows\Temp\JET4874.tmp 
    C:\Windows\Temp\lpksetup-20080112-143817-0.log 
    C:\Windows\Temp\lpksetup-20080112-143802-0.log 
    C:\Windows\Temp\JET510C.tmp 
    C:\Windows\Temp\lpksetup-20080111-162404-0.log 
    C:\Windows\Temp\lpksetup-20080111-162349-0.log 
    C:\Windows\Temp\JET46BF.tmp 
    C:\Windows\Temp\Bibliothek.exe 
    C:\Windows\Temp\lpksetup-20080110-173248-0.log 
    C:\Windows\Temp\lpksetup-20080110-173233-0.log 
    C:\Windows\Temp\JET47A9.tmp 
    C:\Windows\Temp\lpksetup-20080110-171334-0.log 
    C:\Windows\Temp\lpksetup-20080110-171313-0.log 
    C:\Windows\Temp\JET49AC.tmp 
    C:\Windows\Temp\lpksetup-20080109-204338-0.log 
    C:\Windows\Temp\lpksetup-20080109-204326-0.log 
    C:\Windows\Temp\JET3F7F.tmp 
    C:\Windows\Temp\lpksetup-20080109-163946-0.log 
    C:\Windows\Temp\lpksetup-20080109-163933-0.log 
    C:\Windows\Temp\JET3986.tmp 
    C:\Windows\Temp\lpksetup-20080108-152541-0.log 
    C:\Windows\Temp\lpksetup-20080108-152523-0.log 
    C:\Windows\Temp\JET42AA.tmp 
    C:\Windows\Temp\lpksetup-20080108-111208-0.log 
    C:\Windows\Temp\lpksetup-20080108-111141-0.log 
    C:\Windows\Temp\JET4A38.tmp 
    C:\Windows\Temp\lpksetup-20080107-224015-0.log 
    C:\Windows\Temp\lpksetup-20080107-224000-0.log 
    C:\Windows\Temp\JET4336.tmp 
    C:\Windows\Temp\lpksetup-20080107-212436-0.log 
    C:\Windows\Temp\lpksetup-20080107-212423-0.log 
    C:\Windows\Temp\JET61DD.tmp 
    C:\Windows\Temp\JET7187.tmp 
    C:\Windows\Temp\lpksetup-20080107-110745-0.log 
    C:\Windows\Temp\lpksetup-20080107-110731-0.log 
    C:\Windows\Temp\JET2FC6.tmp 
    C:\Windows\Temp\JET514A.tmp 
    C:\Windows\Temp\lpksetup-20080105-201750-0.log 
    C:\Windows\Temp\lpksetup-20080105-201737-0.log 
    C:\Windows\Temp\JET588A.tmp 
    C:\Windows\Temp\lpksetup-20080105-120619-0.log 
    C:\Windows\Temp\lpksetup-20080105-120606-0.log 
    C:\Windows\Temp\JET39B5.tmp 
    C:\Windows\Temp\lpksetup-20080104-160119-0.log 
    C:\Windows\Temp\lpksetup-20080104-160052-0.log 
    C:\Windows\Temp\JET450A.tmp 
    C:\Windows\Temp\lpksetup-20080103-185317-0.log 
    C:\Windows\Temp\lpksetup-20080103-185304-0.log 
    C:\Windows\Temp\JET52C0.tmp 
    C:\Windows\Temp\JET507F.tmp 
    C:\Windows\Temp\lpksetup-20080102-101445-0.log 
    C:\Windows\Temp\lpksetup-20080102-101431-0.log 
    C:\Windows\Temp\JET37E1.tmp 
    C:\Windows\Temp\lpksetup-20080101-154114-0.log 
    C:\Windows\Temp\lpksetup-20080101-154100-0.log 
    C:\Windows\Temp\JET3FEC.tmp 
    C:\Windows\Temp\lpksetup-20071231-120407-0.log 
    C:\Windows\Temp\lpksetup-20071231-120354-0.log 
    C:\Windows\Temp\JET4EEA.tmp 
    C:\Windows\Temp\lpksetup-20071231-103818-0.log 
    C:\Windows\Temp\lpksetup-20071231-103805-0.log 
    C:\Windows\Temp\JET30DF.tmp 
    C:\Windows\Temp\JET3275.tmp 
    C:\Windows\Temp\lpksetup-20071230-142644-0.log 
    C:\Windows\Temp\lpksetup-20071230-142632-0.log 
    C:\Windows\Temp\tmp00003cfa 
    C:\Windows\Temp\lpksetup-20071230-114320-0.log 
    C:\Windows\Temp\lpksetup-20071230-114307-0.log 
    C:\Windows\Temp\JET511B.tmp 
    C:\Windows\Temp\lpksetup-20071229-215216-0.log 
    C:\Windows\Temp\lpksetup-20071229-215204-0.log 
    C:\Windows\Temp\lpksetup-20071229-180557-0.log 
    C:\Windows\Temp\lpksetup-20071229-180544-0.log 
    C:\Windows\Temp\JET445F.tmp 
    C:\Windows\Temp\lpksetup-20071229-112132-0.log 
    C:\Windows\Temp\lpksetup-20071229-112126-0.log 
    C:\Windows\Temp\lpksetup-20071228-102259-0.log 
    C:\Windows\Temp\lpksetup-20071228-102246-0.log 
    C:\Windows\Temp\JET3C63.tmp 
    C:\Windows\Temp\DMIF260.tmp 
    C:\Windows\Temp\lpksetup-20071227-140116-0.log 
    C:\Windows\Temp\lpksetup-20071227-140104-0.log 
    C:\Windows\Temp\JET3226.tmp 
    C:\Windows\Temp\lpksetup-20071226-185654-0.log 
    C:\Windows\Temp\lpksetup-20071226-185642-0.log 
    C:\Windows\Temp\lpksetup-20071226-122337-0.log 
    C:\Windows\Temp\lpksetup-20071226-122324-0.log 
    C:\Windows\Temp\JET3A12.tmp 
    C:\Windows\Temp\JET389D.tmp 
    C:\Windows\Temp\JET475B.tmp 
    C:\Windows\Temp\lpksetup-20071225-104948-0.log 
    C:\Windows\Temp\lpksetup-20071225-104934-0.log 
    C:\Windows\Temp\JET313C.tmp 
    C:\Windows\Temp\lpksetup-20071224-134853-0.log 
    C:\Windows\Temp\lpksetup-20071224-134838-0.log 
    C:\Windows\Temp\JET389C.tmp 
    C:\Windows\Temp\JET38DA.tmp 
    C:\Windows\Temp\lpksetup-20071223-204436-0.log 
    C:\Windows\Temp\lpksetup-20071223-204419-0.log 
    C:\Windows\Temp\JET3590.tmp 
    C:\Windows\Temp\JET39A5.tmp 
    C:\Windows\Temp\JET37A2.tmp 
    C:\Windows\Temp\lpksetup-20071222-213957-0.log 
    C:\Windows\Temp\lpksetup-20071222-213944-0.log 
    C:\Windows\Temp\JET3BF6.tmp 
    C:\Windows\Temp\lpksetup-20071222-164210-0.log 
    C:\Windows\Temp\lpksetup-20071222-164158-0.log 
    C:\Windows\Temp\JET364B.tmp 
    C:\Windows\Temp\lpksetup-20071222-100152-0.log 
    C:\Windows\Temp\lpksetup-20071222-100137-0.log 
    C:\Windows\Temp\JET3735.tmp 
    C:\Windows\Temp\lpksetup-20071221-123620-0.log 
    C:\Windows\Temp\lpksetup-20071221-123607-0.log 
    C:\Windows\Temp\JET3EB4.tmp 
    C:\Windows\Temp\JET3274.tmp 
    C:\Windows\Temp\lpksetup-20071219-223537-0.log 
    C:\Windows\Temp\lpksetup-20071219-223522-0.log 
    C:\Windows\Temp\JET422D.tmp 
    C:\Windows\Temp\tmp0000359c 
    C:\Windows\Temp\lpksetup-20071218-180231-0.log 
    C:\Windows\Temp\lpksetup-20071218-180218-0.log 
    C:\Windows\Temp\JET2DC3.tmp 
    C:\Windows\Temp\JET19B7.tmp 
    C:\Windows\Temp\lpksetup-20071217-191929-0.log 
    C:\Windows\Temp\lpksetup-20071217-191916-0.log 
    C:\Windows\Temp\lpksetup-20071216-210313-0.log 
    C:\Windows\Temp\lpksetup-20071216-210300-0.log 
    C:\Windows\Temp\JET3561.tmp 
    C:\Windows\Temp\lpksetup-20071216-150300-0.log 
    C:\Windows\Temp\lpksetup-20071216-150245-0.log 
    C:\Windows\Temp\lpksetup-20071216-105759-0.log 
    C:\Windows\Temp\lpksetup-20071216-105735-0.log 
    C:\Windows\Temp\lpksetup-20071216-014032-0.log 
    C:\Windows\Temp\lpksetup-20071216-014018-0.log 
    C:\Windows\Temp\lpksetup-20071215-193827-0.log 
    C:\Windows\Temp\lpksetup-20071215-193812-0.log 
    C:\Windows\Temp\JET55BD.tmp 
    C:\Windows\Temp\tmp00006653 
    C:\Windows\Temp\JET29EC.tmp 
    C:\Windows\Temp\JET1B4C.tmp 
    C:\Windows\Temp\WinSAT_StorageAsmt.etl 
    C:\Windows\Temp\WinSAT_DX.etl 
    C:\Windows\Temp\WinSAT_KernelLog.etl 
    C:\Windows\Temp\JET5D9.tmp 
    ----------------------------------------
    
     
    C:\Users\CHRIST~1\AppData\Local\Temp
    
    C:\Users\CHRIST~1\AppData\Local\Temp\Temp1_hjtscanlist[1].zip
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF2DD4.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF2DCF.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\JET1718.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFD31F.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFD0A1.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\WPDNSE
    C:\Users\CHRIST~1\AppData\Local\Temp\Christian.bmp
    C:\Users\CHRIST~1\AppData\Local\Temp\Temp4_hijackthis_199.zip
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFD26E.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\MessengerCache
    C:\Users\CHRIST~1\AppData\Local\Temp\svj41.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF114B.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\MUI
    C:\Users\CHRIST~1\AppData\Local\Temp\Gast.bmp
    C:\Users\CHRIST~1\AppData\Local\Temp\tester.bmp
    C:\Users\CHRIST~1\AppData\Local\Temp\Jasmin.bmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFF1AA.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\JET7148.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_4060_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFCB25.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog15.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog14.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog13.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog12.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog11.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog10.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFEE07.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3892_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF877D.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\Temp3_hijackthis_199.zip
    C:\Users\CHRIST~1\AppData\Local\Temp\ASPNET.bmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFE78D.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF1A04.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3804_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF7597.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\Temp2_hijackthis_199.zip
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFAD4C.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFD7A7.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\Low
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFED10.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFFE83.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFDA17.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF25DB.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF8482.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF5A89.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF1BB.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF9548.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog09.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog08.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog07.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog06.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFC21D.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFE893.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\Temp1_HiJackThis.zip
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFA595.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFA67F.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF50A2.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFF45C.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF4703.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\Temp1_hijackthis_199.zip
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF8EED.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF23DE.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF5E3E.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog05.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF5F69.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFC418.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFB82.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF7AA3.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog04.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFBD51.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFD4EA.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog03.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF443D.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF351D.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF3FEA.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_548_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF5A36.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF3770.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_2228_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFDE38.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_2832_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog02.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_1252_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF7D46.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_4036_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_1500_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3416_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3868_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3428_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF9B66.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog01.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF9BC6.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFCFBF.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF4D15.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\wmplog00.sqm
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF24B9.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\wmsetup.log
    C:\Users\CHRIST~1\AppData\Local\Temp\.kmztmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF87BF.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\rb
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFAA01.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF88C1.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF3F66.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ERROR_LOG_Bucharchiv.log
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF1D65.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFEAAA.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\hsperfdata_Christian
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF29CC.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF4ADC.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF9BAD.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB612861272259371442008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFC3B9.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild027.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild026.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild025.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF8C57.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF6865.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF6E53.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFD914.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFEC3F.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF712D.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3728_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\Temp1_libsetup.zip
    C:\Users\CHRIST~1\AppData\Local\Temp\SWV7954.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF773C.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFD55E.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFF400.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB57199824111644942008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\PDR.ini
    C:\Users\CHRIST~1\AppData\Local\Temp\PP_PDIR.pds
    C:\Users\CHRIST~1\AppData\Local\Temp\MSIca9ca.LOG
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB69241893103525942008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB8544992810282942008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB55498910102640942008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB5504352102544942008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFBBCD.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB1003713123248842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB26446611231447842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB47914994231353842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB1977744123921842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB6312022823857842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB3434513823522842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB57958645221220842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB17712903221111842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB1847251122848842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB1625753722739842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB45742911214639842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB2075205521324842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB43180692212331842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB9255771021184842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB69091868211618842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB1117307211356842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB8470980521105842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB666757321737842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB4079508221032842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB65258431205754842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB72498065205258842008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF7016.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF1BC0.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_2660_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF1E38.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFEA57.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\h2r92F6.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\r2h92E5.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\h2rFB0.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\r2hFAF.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\h2r3057.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\r2h3056.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF7783.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF6CDD.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\uis8C77.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(20080403183108B88).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(20080403183107B88).log
    C:\Users\CHRIST~1\AppData\Local\Temp\{c911d786-7c96-4f54-ac04-cf18ce96c287}
    C:\Users\CHRIST~1\AppData\Local\Temp\setup~1
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFE6CC.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF57F6.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\MSIff641.LOG
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF546E.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF23C8.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\jar_cache5864.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\jar_cache5863.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\jar_cache5862.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\jar_cache5861.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF8C04.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\jar_cache11524.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF14BD.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB500798522146543032008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\~GEFA47.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~GEEBD5.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~GE225D.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~GEE2CC.kmz
    C:\Users\CHRIST~1\AppData\Local\Temp\~GEE2CD.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~GEE2CC.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~GEA58.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFBC2D.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFD446.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF8C71.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF721F.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF4877.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF7F53.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF6532.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFE05B.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFBBF1.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFB976.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF4B8F.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF6304.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFFFA6.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF2815.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\AVSETUP_47e43195
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF2FB7.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF9240.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF8058.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFA7B2.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFC178.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFB1F7.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF96CC.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild024.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild023.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFE3.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF1C9E.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF2FE4.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp0000198a
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_5424_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\~DF775D.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\~DFE1CF.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_5676_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild022.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild021.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild020.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild019.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\AnyDVDHD
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(2008030707000716B4).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(2008030707000516B4).log
    C:\Users\CHRIST~1\AppData\Local\Temp\xprt7e8e.ico
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(200803061707068A8).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(200803061707048A8).log
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3412_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00002a93
    C:\Users\CHRIST~1\AppData\Local\Temp\.zylomisrtemp1204494398
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(200803022226251BC8).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(200803022226241BC8).log
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(200803022219541DC4).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(200803022219531DC4).log
    C:\Users\CHRIST~1\AppData\Local\Temp\__SkypeIEToolbar_Cache
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(200803022203451CC).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(200803022203441CC).log
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(200803022139111718).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(200803022139101718).log
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(200803022135501DA8).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(200803022135491DA8).log
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(200803022131071D40).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(200803022131061D40).log
    C:\Users\CHRIST~1\AppData\Local\Temp\xprt6c76.ico
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(2008030220190415BC).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(2008030220190315BC).log
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(20080302200658324).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(20080302200657324).log
    C:\Users\CHRIST~1\AppData\Local\Temp\.zylomtemp1204294322
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp0000522a
    C:\Users\CHRIST~1\AppData\Local\Temp\drmtemp0091EA41.htm
    C:\Users\CHRIST~1\AppData\Local\Temp\drmtemp0091D470.htm
    C:\Users\CHRIST~1\AppData\Local\Temp\drmtemp0091C0F0.htm
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00000296
    C:\Users\CHRIST~1\AppData\Local\Temp\OneNoteRuntimeCache
    C:\Users\CHRIST~1\AppData\Local\Temp\msohtmlclip1
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00004217
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp000069bd
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB901250182127471722008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_2140_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\GEARInstall.log
    C:\Users\CHRIST~1\AppData\Local\Temp\QTInstallCode.log
    C:\Users\CHRIST~1\AppData\Local\Temp\qtplugin.log
    C:\Users\CHRIST~1\AppData\Local\Temp\temp.ani
    C:\Users\CHRIST~1\AppData\Local\Temp\drm_dyndata_7270012.dll
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB87680763113726322008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB38957721113324322008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB77130633161625222008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\_MTB8127361513284222008.flv
    C:\Users\CHRIST~1\AppData\Local\Temp\NDLC2
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00005bb0
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp0000675d
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00007c1c
    C:\Users\CHRIST~1\AppData\Local\Temp\JET7C11.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00002435
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_5508_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3120_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00007ecc
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_2556_2.ui
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00004241
    C:\Users\CHRIST~1\AppData\Local\Temp\JET26D1.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRF8BD.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRF8AC.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRF89A.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRF898.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRF876.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRF864.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRF7D6.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRD8B4.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRD890.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRD87E.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRD86E.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRD85D.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRD83B.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRD817.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TFRD806.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\OIS
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00003bce
    C:\Users\CHRIST~1\AppData\Local\Temp\sxeAA83.7z
    C:\Users\CHRIST~1\AppData\Local\Temp\sxeAA83.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00001cbb
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp0000285a
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp000006d1
    C:\Users\CHRIST~1\AppData\Local\Temp\~f39a36.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\{b36f6851-0513-4818-a6a8-0be40fab0cce}
    C:\Users\CHRIST~1\AppData\Local\Temp\{39b8441b-468e-4e51-be80-72b49114c9f9}
    C:\Users\CHRIST~1\AppData\Local\Temp\ICQ1CE8.tmp
    C:\Users\CHRIST~1\AppData\Local\Temp\TWAIN.LOG
    C:\Users\CHRIST~1\AppData\Local\Temp\Twain001.Mtx
    C:\Users\CHRIST~1\AppData\Local\Temp\Twunk001.MTX
    C:\Users\CHRIST~1\AppData\Local\Temp\Twunk002.MTX
    C:\Users\CHRIST~1\AppData\Local\Temp\Digital_Foto_Maker
    C:\Users\CHRIST~1\AppData\Local\Temp\MSSSerif120.fon
    C:\Users\CHRIST~1\AppData\Local\Temp\drm_dialogs.dll
    C:\Users\CHRIST~1\AppData\Local\Temp\OfficeMMergeTempDir
    C:\Users\CHRIST~1\AppData\Local\Temp\PCCS.log
    C:\Users\CHRIST~1\AppData\Local\Temp\Nokia_PC_Connectivity_Solution.msi
    C:\Users\CHRIST~1\AppData\Local\Temp\NCCD.log
    C:\Users\CHRIST~1\AppData\Local\Temp\Nokia_Connectivity_Cable_Driver.msi
    C:\Users\CHRIST~1\AppData\Local\Temp\{eaf26e44-3431-47bb-93b1-a5f5e13358f3}
    C:\Users\CHRIST~1\AppData\Local\Temp\Excel8.0
    C:\Users\CHRIST~1\AppData\Local\Temp\Adobe
    C:\Users\CHRIST~1\AppData\Local\Temp\OneNote_MigrationLog.txt
    C:\Users\CHRIST~1\AppData\Local\Temp\msohtmlclip
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(20071216152245994).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(20071216152244994).log
    C:\Users\CHRIST~1\AppData\Local\Temp\Administrator.bmp
    C:\Users\CHRIST~1\AppData\Local\Temp\History
    C:\Users\CHRIST~1\AppData\Local\Temp\Cookies
    C:\Users\CHRIST~1\AppData\Local\Temp\Temporary Internet Files
    C:\Users\CHRIST~1\AppData\Local\Temp\PDV_R2DWork
    C:\Users\CHRIST~1\AppData\Local\Temp\Google Toolbar
    C:\Users\CHRIST~1\AppData\Local\Temp\{1B8C57E9-A286-40AC-BBE7-CBEE9B8DCF3B}
    C:\Users\CHRIST~1\AppData\Local\Temp\{FC193A16-1DDE-4E23-B5CD-04AF9929BC23}
    C:\Users\CHRIST~1\AppData\Local\Temp\UserInfoSetup(200712141956551070).log
    C:\Users\CHRIST~1\AppData\Local\Temp\SetupExe(200712141956521070).log
    C:\Users\CHRIST~1\AppData\Local\Temp\VBE
    C:\Users\CHRIST~1\AppData\Local\Temp\tmp00005648
    C:\Users\CHRIST~1\AppData\Local\Temp\Google Gadget Cache
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild004.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild003.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild001.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\Bild000.jpg
    C:\Users\CHRIST~1\AppData\Local\Temp\Install_WLMessenger.exe
    C:\Users\CHRIST~1\AppData\Local\Temp\DSC02694.JPG
    C:\Users\CHRIST~1\AppData\Local\Temp\DSC02016.JPG
    C:\Users\CHRIST~1\AppData\Local\Temp\IMG015.JPG
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3412_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_548_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_5508_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3428_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3416_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_1500_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_4060_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_5676_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3120_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_2832_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_2140_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_1252_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_2660_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3892_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_4036_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_2556_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3868_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3728_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_5424_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_2228_2
    C:\Users\CHRIST~1\AppData\Local\Temp\ppcrlui_3804_2
    C:\Users\CHRIST~1\AppData\Local\Temp\AutoRun.exe
    C:\Users\CHRIST~1\AppData\Local\Temp\AutoRunGUI.dll
    C:\Users\CHRIST~1\AppData\Local\Temp\setAF91.tmp
    ----------------------------------------
    
     
    C:\Program Files
    
    C:\Program Files\Trend Micro 
    C:\Program Files\ICQ6 
    C:\Program Files\Common Files 
    C:\Program Files\Windows Mail 
    C:\Program Files\Internet Explorer 
    C:\Program Files\Klassenb?cherei 
    C:\Program Files\Xvid 
    C:\Program Files\Windows Live 
    C:\Program Files\Microsoft SQL Server Compact Edition 
    C:\Program Files\Bucharchiv 
    C:\Program Files\Avira 
    C:\Program Files\sixteen tons entertainment 
    C:\Program Files\InstallShield Installation Information 
    C:\Program Files\SlySoft 
    C:\Program Files\OpenOffice.org 2.4 
    C:\Program Files\Microsoft Office 
    C:\Program Files\Microsoft Office1 
    C:\Program Files\microsoft frontpage 
    C:\Program Files\iTunes 
    C:\Program Files\iPod 
    C:\Program Files\Bonjour 
    C:\Program Files\QuickTime 
    C:\Program Files\Apple Software Update 
    C:\Program Files\DsNET Corp 
    C:\Program Files\EA SPORTS 
    C:\Program Files\Skype 
    C:\Program Files\Windows Sidebar 
    C:\Program Files\Google 
    C:\Program Files\EA GAMES 
    C:\Program Files\NovaLogic 
    C:\Program Files\Nokia 
    C:\Program Files\Rockstar Games 
    C:\Program Files\AnyDVD 
    C:\Program Files\ZDF 
    C:\Program Files\Opera 
    C:\Program Files\Windows NT 
    C:\Program Files\Gemeinsame Dateien 
    C:\Program Files\Aldi Sued Fotoservice 
    C:\Program Files\ALDI Online Druck Service (Sued) 
    C:\Program Files\ALDI Sued Foto Service 
    C:\Program Files\Softex 
    C:\Program Files\Fingerprint Sensor 
    C:\Program Files\CyberLink 
    C:\Program Files\Nero 
    C:\Program Files\Microsoft CAPICOM 2.1.0.2 
    C:\Program Files\Buhl 
    C:\Program Files\Letstrade 
    C:\Program Files\DataDesign 
    C:\Program Files\Sonavis 
    C:\Program Files\Sceneo 
    C:\Program Files\Medion 
    C:\Program Files\Launch Manager 
    C:\Program Files\Ulead Systems 
    C:\Program Files\HomeCinema 
    C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites 
    C:\Program Files\Microsoft Works 
    C:\Program Files\Microsoft.NET 
    C:\Program Files\Java 
    C:\Program Files\Adobe 
    C:\Program Files\Windows Media Player 
    C:\Program Files\Realtek 
    C:\Program Files\desktop.ini 
    C:\Program Files\Windows Calendar 
    C:\Program Files\Windows Defender 
    C:\Program Files\MSXML 4.0 
    C:\Program Files\X10 Hardware 
    C:\Program Files\Synaptics 
    C:\Program Files\Intel 
    C:\Program Files\Uninstall Information 
    C:\Program Files\Movie Maker 
    C:\Program Files\Windows Collaboration 
    C:\Program Files\Windows Photo Gallery 
    C:\Program Files\Windows Journal 
    C:\Program Files\MSN 
    C:\Program Files\Microsoft Games 
    C:\Program Files\MSBuild 
    C:\Program Files\Reference Assemblies 
    C:\Program Files\Dao360.dll 
    C:\Program Files\Dao350.dll 
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    tester    
    Christian    
    Jasmin    
    Administrator    
    Default    
    Public    
    desktop.ini    
    Default User    
    All Users    
    ----------------------------------------
    
     
    C:\Windows\system32\drivers\etc\hosts
    
    #       38.25.63.10     x.acme.com              # x client host
    127.0.0.1       localhost
    ::1             localhost
    127.0.0.1 etren.info
    # Start of entries inserted by Spybot - Search & Destroy
    127.0.0.1	www.007guard.com
    127.0.0.1	007guard.com
    127.0.0.1	008i.com
    127.0.0.1	www.008k.com
    127.0.0.1	008k.com
    127.0.0.1	www.00hq.com
    127.0.0.1	00hq.com
    127.0.0.1	010402.com
    127.0.0.1	www.032439.com
    127.0.0.1	032439.com
    127.0.0.1	www.1001-search.info
    127.0.0.1	1001-search.info
    127.0.0.1	www.100888290cs.com
    127.0.0.1	100888290cs.com
    127.0.0.1	www.100sexlinks.com
    127.0.0.1	100sexlinks.com
    127.0.0.1	www.10sek.com
    127.0.0.1	10sek.com
    127.0.0.1	www.123topsearch.com
    
    ----------------------------------------
    
    
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            28 K
    System                           4 Services                   0        20.592 K
    smss.exe                       404 Services                   0           720 K
    csrss.exe                      480 Services                   0         4.800 K
    csrss.exe                      516 Console                    1         8.820 K
    wininit.exe                    524 Services                   0         3.652 K
    services.exe                   560 Services                   0         4.956 K
    lsass.exe                      572 Services                   0         2.732 K
    winlogon.exe                   596 Console                    1         4.232 K
    lsm.exe                        604 Services                   0         3.692 K
    svchost.exe                    760 Services                   0         5.232 K
    svchost.exe                    812 Services                   0         5.680 K
    svchost.exe                    852 Services                   0        20.880 K
    svchost.exe                    940 Services                   0         5.872 K
    svchost.exe                    968 Services                   0        14.700 K
    svchost.exe                   1004 Services                   0        11.188 K
    svchost.exe                   1032 Services                   0        14.984 K
    svchost.exe                   1048 Services                   0         5.568 K
    svchost.exe                   1200 Services                   0        10.160 K
    explorer.exe                  1488 Console                    1        35.636 K
    svchost.exe                   1552 Services                   0         4.420 K
    msnmsgr.exe                   1440 Console                    1         6.204 K
    ICQ.exe                       1476 Console                    1        43.324 K
    Opera.exe                      736 Console                    1        49.188 K
    iexplore.exe                  1876 Console                    1        43.964 K
    cmd.exe                        672 Console                    1         3.412 K
    tasklist.exe                   748 Console                    1         4.756 K
    WmiPrvSE.exe                  1652 Services                   0         5.748 K
    
     
    ***** Ende des Scans 04.05.2008 um 21:29:52,19 ***

    Step 4:

    Code:
    Deckard's System Scanner v20071014.68
    Run by Christian on 2008-05-04 21:31:54
    Computer is in Safe Mode with Networking.
    --------------------------------------------------------------------------------
    
    -- Last 5 Restore Point(s) --
    22: 2008-04-22 17:27:31 UTC - RP272 - Geplanter Prüfpunkt
    21: 2008-04-17 19:54:24 UTC - RP271 - Windows Update
    20: 2008-04-16 12:20:52 UTC - RP270 - Geplanter Prüfpunkt
    19: 2008-04-15 16:11:46 UTC - RP269 - Windows Update
    18: 2008-04-13 15:54:19 UTC - RP268 - Geplanter Prüfpunkt
    
    
    -- First Restore Point -- 
    1: 2008-03-21 22:07:20 UTC - RP251 - AntiVir PersonalEdition Classic - 21.03.2008 23:07
    
    
    Backed up registry hives.
    Performed disk cleanup.
    
    
    
    -- HijackThis (run as Christian.exe) -------------------------------------------
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:34:56, on 04.05.2008
    Platform: Windows Vista  (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Safe mode with network support
    
    Running processes:
    C:\Windows\Explorer.EXE
    C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGKHSF0Z\dss[1].exe
    C:\Windows\system32\DllHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Christian.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing)
    O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing)
    O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing) (HKCU)
    O13 - Gopher Prefix: 
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
    O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
    O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    
    --
    End of file - 10060 bytes
    
    -- File Associations -----------------------------------------------------------
    
    All associations okay.
    
    
    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
    
    S1 Hotkey - c:\windows\system32\drivers\hotkey.sys
    S1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
    
    
    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
    
    S2 AFinding (AFinding Service) - c:\windows\system32\afinding.exe
    S2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
    S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    S2 Bonjour Service (Bonjour-Dienst) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    S2 GnabService - c:\program files\common files\gnab\service\servicecontroller.exe <Not Verified; Empolis GmbH; Gnab>
    S2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
    S2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
    S2 Routing (Routing Service) - c:\windows\system32\routing.exe
    S2 srvcPVR (Sceneo PVR Service) - c:\program files\sceneo\absoluttv\services\pvr\pvrservice.exe <Not Verified; Buhl Data Service GmbH; Sceneo Buenavista>
    S2 WServing (WServing Service) - c:\windows\system32\wserving.exe
    S2 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>
    S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\aldi sued foto service\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>
    S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
    S3 WisLMSvc - "c:\program files\launch manager\wislmsvc.exe" <Not Verified; Wistron Corp.; >
    
    
    -- Device Manager: Disabled ----------------------------------------------------
    
    No disabled devices found.
    
    
    -- Scheduled Tasks -------------------------------------------------------------
    
    2008-05-02 11:35:00       426 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{924DA4FF-ED45-4C9D-84B5-4510E583A7E8}.job
    2008-05-02 11:35:00       420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{02D65628-E6E3-45D6-854A-BC84A1BD8E52}.job
    
    
    -- Files created between 2008-04-04 and 2008-05-04 -----------------------------
    
    2008-05-04 21:26:53         0 d-------- C:\Program Files\Trend Micro
    2008-05-02 17:59:12         0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-04-14 21:16:05         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-10 17:20:02    286720 --a------ C:\Windows\iun503.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
    2008-04-10 17:20:01         0 d-------- C:\Program Files\Klassenbücherei
    2008-04-10 17:04:54     73216 --a------ C:\Windows\system32\ODBCTL32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
    2008-04-10 16:57:28    125712 --a------ C:\Windows\system32\VB6DE.DLL <Not Verified; Microsoft Corporation; Visual Basic Environment>
    2008-04-05 11:51:23         0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-05 11:25:58         0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-05 11:25:55         0 d-------- C:\Program Files\Windows Live
    2008-04-05 11:24:54         0 d-------- C:\Users\All Users\WLInstaller
    
    
    -- Find3M Report ---------------------------------------------------------------
    
    2008-05-04 21:22:13    650364 --a------ C:\Windows\system32\perfh007.dat
    2008-05-04 21:22:13    120530 --a------ C:\Windows\system32\perfc007.dat
    2008-05-04 21:12:36    153599 --a------ C:\Users\Christian\AppData\Roaming\nvModes.001
    2008-05-04 18:12:55         0 d-------- C:\Users\Christian\AppData\Roaming\OpenOffice.org2
    2008-05-02 19:31:20         0 d-------- C:\Users\Christian\AppData\Roaming\Skype
    2008-05-02 16:13:39         0 d-------- C:\Users\Christian\AppData\Roaming\skypePM
    2008-04-17 07:59:13         0 d-------- C:\Program Files\ICQ6
    2008-04-15 17:52:46    279552 --a------ C:\Windows\system32\andt.sys
    2008-04-14 21:16:05         0 d-------- C:\Program Files\Common Files
    2008-04-10 21:17:34         0 d-------- C:\Program Files\Windows Mail
    2008-04-10 16:57:28         0 d-------- C:\Users\Christian\AppData\Roaming\DoubleA
    2008-04-10 16:56:37         0 d-------- C:\Users\Christian\AppData\Roaming\XLMSoft
    2008-04-09 10:48:36         0 d-------- C:\Program Files\Xvid
    2008-04-08 00:59:20         0 d-------- C:\Users\Christian\AppData\Roaming\CyberLink
    2008-04-05 11:34:20         0 d-------- C:\Users\Christian\AppData\Roaming\Windows Live Writer
    2008-04-03 18:36:46         0 d-------- C:\Users\Christian\AppData\Roaming\Help
    2008-04-02 09:55:33         0 d-------- C:\Program Files\Bucharchiv
    2008-04-02 08:12:44         0 d-------- C:\Program Files\Common Files\GBelectronics Shared
    2008-03-30 17:09:35    153599 --a------ C:\Users\Christian\AppData\Roaming\nvModes.dat
    2008-03-26 00:45:03         0 d-------- C:\Users\Christian\AppData\Roaming\Nokia
    2008-03-22 00:07:53         0 d-------- C:\Program Files\Avira
    2008-03-19 17:31:54         0 d-------- C:\Program Files\sixteen tons entertainment
    2008-03-19 17:31:51         0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-17 19:10:58         8 --a------ C:\Users\Christian\AppData\Roaming\NMM-MetaData.db
    2008-03-17 01:47:43       560 --a------ C:\Users\Christian\AppData\Roaming\wklnhst.dat
    2008-03-10 10:10:17     31232 --a------ C:\Windows\system32\routing.exe
    2008-03-10 10:05:52         0 d-------- C:\Program Files\SlySoft
    2008-03-06 20:55:55         0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-03-06 19:10:38         0 d-------- C:\Program Files\Microsoft Office1
    2008-03-06 19:07:35         0 d-------- C:\Program Files\microsoft frontpage
    
    
    -- Registry Dump ---------------------------------------------------------------
    
    *Note* empty entries & legit default entries are not shown
    
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18.09.2007 12:19]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [31.08.2007 11:04]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [19.09.2007 20:05]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [19.09.2007 20:05]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [19.09.2007 20:05]
    "PLFSetL"="C:\Windows\PLFSetL.exe" [05.07.2007 12:35]
    "RemoteControl"="C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" [09.02.2007 20:51]
    "LanguageShortcut"="C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" [08.01.2007 22:17]
    "UpdatePPShortCut"="C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [13.09.2007 16:32]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [01.09.2007 14:03]
    "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [06.09.2007 11:23]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [26.12.2006 11:23]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [07.09.2007 09:26]
    "ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
    "OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [04.09.2007 12:45]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [25.10.2007 10:57]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01.02.2008 00:13]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [19.04.2008 00:26]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [02.11.2006 11:45]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10.01.2008 18:06]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 14:35]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [19.06.2006 16:59]
    "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [28.10.2007 19:51]
    "ICQ"="C:\Program Files\ICQ6\ICQ.exe" [01.04.2008 12:40]
    
    C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26.10.2006 20:24:54]
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [21.01.2008 16:41:28]
    PowerReg Scheduler.exe [22.12.2007 23:53:46] 
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted	hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9714f5-b6eb-11dc-9478-001cbf20c73d}]
    AutoRun\command- G:\setupSNK.exe
    
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP
    
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    
    
    
    -- Hosts -----------------------------------------------------------------------
    
    127.0.0.1 etren.info
    127.0.0.1	www.007guard.com
    127.0.0.1	007guard.com
    127.0.0.1	008i.com
    127.0.0.1	www.008k.com
    127.0.0.1	008k.com
    127.0.0.1	www.00hq.com
    127.0.0.1	00hq.com
    127.0.0.1	010402.com
    127.0.0.1	www.032439.com
    
    8301 more entries in hosts file.
    
    
    -- End of Deckard's System Scanner: finished at 2008-05-04 21:36:29 ------------

    Code:
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------
    
    -- System Information ----------------------------------------------------------
    
    Microsoft® Windows Vista™ Home Premium  (build 6000)
    Architecture: X86; Language: German
    
    CPU 0: Intel(R) Core(TM)2 Duo CPU     T5450  @ 1.66GHz
    Percentage of Memory in Use: 23%
    Physical Memory (total/avail): 2045.81 MiB / 1568.01 MiB
    Pagefile Memory (total/avail): 4306.93 MiB / 3992.4 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1911.06 MiB
    
    C: is Fixed (NTFS) - 209.81 GiB total, 141.19 GiB free. 
    D: is Fixed (FAT32) - 23.06 GiB total, 13.24 GiB free. 
    E: is Removable (FAT)
    F: is CDROM (No Media)
    H: is Removable (No Media)
    
    \\.\PHYSICALDRIVE0 - WDC WD2500BEVS-00UST0 - 232.88 GiB - 2 partitions
      \PARTITION0 - Erweitert mit Int 13 (erweitert) - 23.07 GiB - D:
      \PARTITION1 (bootable) - Installierbares Dateisystem - 209.81 GiB - C:
    
    \\.\PHYSICALDRIVE2 - Generic-Multi-Card       USB Device
    
    \\.\PHYSICALDRIVE1 - USB Flash Disk USB Device - 117.66 MiB - 1 partition
      \PARTITION0 - 16-Bit FAT - 120.48 MiB - E:
    
    
    
    -- Security Center -------------------------------------------------------------
    
    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.
    
    AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)
    AS: Avira AntiVir PersonalEdition v 7.0.3.158
     (Avira GmbH)
    AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated
    
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    
    
    -- Environment Variables -------------------------------------------------------
    
    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Christian\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=CHRISTIAN
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Christian
    LOCALAPPDATA=C:\Users\Christian\AppData\Local
    LOGONSERVER=\\CHRISTIAN
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Softex\OmniPass;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0d
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    SAFEBOOT_OPTION=NETWORK
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\CHRIST~1\AppData\Local\Temp
    TMP=C:\Users\CHRIST~1\AppData\Local\Temp
    USERDOMAIN=CHRISTIAN
    USERNAME=Christian
    USERPROFILE=C:\Users\Christian
    windir=C:\Windows
    
    
    -- User Profiles ---------------------------------------------------------------
    
    Christian (admin)
    Jasmin
    tester (new local, admin, net ready)
    
    
    -- Add/Remove Programs ---------------------------------------------------------
    
     --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
     --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
     --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
     --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
     --> C:\Windows\UNNeroVision.exe /UNINSTALL
     --> C:\Windows\UNRecode.exe /UNINSTALL
    Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.1 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003}
    Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
    Agere Systems HDA Modem --> agrsmdel
    ALDI Foto Manager Free Sued --> C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Manager_Free\instslct.exe /p
    ALDI Online Druck Service (Sued) --> C:\PROGRA~1\ALDION~1\ALDI_ODS\UNWISE.EXE C:\PROGRA~1\ALDION~1\ALDI_ODS\INSTALL.LOG
    Aldi Süd Fotoservice --> "C:\Program Files\Aldi Sued Fotoservice\unins000.exe"
    ALDI Sued Foto Service --> C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\instslct.exe /p
    AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
    Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    aTube Catcher 1.0 --> MsiExec.exe /I{0D38396A-26FD-4106-A149-99CE891AA6CA}
    AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /X{CC8B5182-6F21-4DB1-9E17-E157966659E7}
    Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x7 
    Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Buch80 --> C:\Buch80\caindreg.exe
    Bucharchiv 1.0 --> MsiExec.exe /I{C9115565-111A-4DFB-9C92-9F79D55686B8}
    Compatibility Pack für 2007 Office System --> MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
    CyberLink PhotoNow --> "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
    Delicious Deluxe --> "C:\Users\Christian\AppData\Local\Zylom Games\Delicious Deluxe\GameInstlr.exe" --uninstall UnInstall.log
    Delta Force - Black Hawk Down --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FE54D21-8254-4CCF-AEE0-066496AE43F4}\setup.exe" -l0x9  -uninst 
    Emergency4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4C534E-431F-4A17-97D4-D1682B19A054}\setup.exe" -l0x7 
    Firebird SQL Server - MAGIX Edition --> C:\Program Files\ALDI Sued Foto Service\Common\Database\instslct.exe /p
    FUSSBALL MANAGER 07 --> C:\Program Files\EA SPORTS\FUSSBALL MANAGER 07\EAUninstall.exe
    Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Office (KB943075) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {259EA5E1-2022-45D9-B882-99E71C00E3DF}
    Hotfix for Office (KB943075) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2D796E4E-EC3C-4716-9B62-DB2EA213DF2B}
    Hotfix for Office (KB943075) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8AC6CBE-8755-4D30-B60D-7FEF1D78F4EC}
    ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
    Inst5657 --> MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123}
    Intel(R) Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
    iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Klassenbücherei --> C:\Windows\iun503.exe C:\Program Files\Klassenbücherei\irunin.ini
    Launch Manager V1.4.9 --> C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe -runfromtemp -l0x0007 -removeonly
    Letstrade --> MsiExec.exe /X{E0091C29-DEE8-4B24-BF65-8C35B5940D77}
    MakeDisc --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\Setup.exe"  -uninstall
    MediaShow --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\Setup.exe"  -uninstall
    MEDION Fotos auf CD Sued --> C:\Program Files\ALDI Sued Foto Service\Medion_Fotos_auf_CD_6\instslct.exe /p
    MEDIONbox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27FDF949-69CE-435A-8372-339F72336AC5}\setup.exe" -l0x7  -removeonly
    Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (German) --> MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
    Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
    Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
    Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
    Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works --> MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
    MSXML 4.0 SP2 (KB925672) --> MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
    MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    Nero 8 Essentials --> MsiExec.exe /X{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
    Nokia PC Connectivity Solution --> MsiExec.exe /I{9F2BDC61-4D2D-47C0-BCB6-7D43D0EA7948}
    Nokia PC Suite --> MsiExec.exe /I{79880ACC-B5AB-486A-B95D-03F55DF3F9C6}
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OmniPass 5.00.74 --> C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe -runfromtemp -l0x0007 -removeonly
    OpenOffice.org 2.4 --> MsiExec.exe /I{BF50BF30-ADA7-4115-9B82-9883A10FC04A}
    Opera 9.24 --> MsiExec.exe /X{283D22C2-93CA-4E96-AB15-34F726D1B46C}
    PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
    PowerDV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\Setup.exe"  -uninstall
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
    PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe"  -uninstall
    QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
    Realtek USB 2.0 Card Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9  -removeonly
    Sceneo AbsolutTV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}\Setup.exe"  -NoUpdate
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
    Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
    Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TVsweeper --> MsiExec.exe /I{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}
    Ulead PhotoImpact 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x7 
    Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
    Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
    Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
    Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
    VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Live Fotogalerie --> MsiExec.exe /X{A1D08B90-AE1A-4885-AC29-731496FD397E}
    Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
    Windows Live Mail --> MsiExec.exe /I{82F2B38B-1426-443D-874C-AC25675E7BEB}
    Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
    Windows Live Writer --> MsiExec.exe /X{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}
    WISO Mein Geld 2008 Professional --> MsiExec.exe /I{D8D22773-14BF-4178-A683-3DBA515C2A26}
    X10 Hardware(TM) --> C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
    Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
    ZDFmediathek Version 1.4.0 --> "C:\Program Files\ZDF\ZDFmediathek\unins000.exe"
    
    
    -- Application Event Log -------------------------------------------------------
    
    Event Record #/Type14390 / Error
    Event Submitted/Written: 05/04/2008 09:18:54 PM
    Event ID/Source: 4609 / EventSystem
    Event Description:
    d:\vistartm\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
    
    Event Record #/Type14389 / Error
    Event Submitted/Written: 05/04/2008 09:18:15 PM
    Event ID/Source: 4609 / EventSystem
    Event Description:
    d:\vistartm\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
    
    Event Record #/Type14388 / Success
    Event Submitted/Written: 05/04/2008 09:18:06 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:
    
    
    Event Record #/Type14386 / Success
    Event Submitted/Written: 05/04/2008 09:18:04 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:
    
    
    Event Record #/Type14384 / Warning
    Event Submitted/Written: 05/04/2008 09:17:50 PM
    Event ID/Source: 6000 / Wlclntfy
    Event Description:
    Der Winlogon-Benachrichtigungsabonnent <GPClient> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten.
    
    
    
    -- Security Event Log ----------------------------------------------------------
    
    No Errors/Warnings found.
    
    
    -- System Event Log ------------------------------------------------------------
    
    Event Record #/Type49251 / Error
    Event Submitted/Written: 05/04/2008 09:19:08 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    1084usnjsvc{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
    
    Event Record #/Type49249 / Error
    Event Submitted/Written: 05/04/2008 09:18:48 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    avgio
    avipbb
    ElbyCDIO
    Hotkey
    spldr
    ssmdrv
    Wanarpv6
    
    Event Record #/Type49240 / Error
    Event Submitted/Written: 05/04/2008 09:18:48 PM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    ComputerbrowserServer%%1068
    
    Event Record #/Type49223 / Error
    Event Submitted/Written: 05/04/2008 09:18:23 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
    
    Event Record #/Type49222 / Error
    Event Submitted/Written: 05/04/2008 09:18:16 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    
    
    
    -- End of Deckard's System Scanner: finished at 2008-05-04 21:36:29 ------------
    Step 5:

    File check:
    Code:
    C:\Windows\system32\afinding.exe
    
    Datei version: 2.0.0.4
    Beschreibung: afining.exe
    Copyright:
    
    
    C:\Windows\system32\perfs.exe
    
    Datei version: 2.0.0.4
    Beschreibung: perfs.exe
    Copyright: 
    
    
    C:\Windows\system32\routing.exe
    
    Datei version: 2.0.0.4
    Beschreibung: routing.exe
    Copyright:
    
    
    C:\Windows\system32\wserving.exe
    
    Datei version: 2.0.0.4
    Beschreibung: wserving.exe
    Copyright:
    File scan:

    Code:
    Datei afinding.exe empfangen 2008.05.04 22:19:24 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.3.0	2008.05.02	Win-Trojan/Xema.variant
    AntiVir	7.8.0.11	2008.05.02	TR/Dldr.Delf.gtj
    Authentium	4.93.8	2008.05.02	-
    Avast	4.8.1169.0	2008.05.04	-
    AVG	7.5.0.516	2008.05.03	Downloader.Generic7.HIG
    BitDefender	7.2	2008.05.04	-
    CAT-QuickHeal	9.50	2008.05.03	TrojanDownloader.Delf.gtj
    ClamAV	0.92.1	2008.05.04	Trojan.Downloader-32792
    DrWeb	4.44.0.09170	2008.05.04	-
    eSafe	7.0.15.0	2008.04.28	-
    eTrust-Vet	31.3.5755	2008.05.03	-
    Ewido	4.0	2008.05.04	-
    F-Prot	4.4.2.54	2008.05.04	W32/D_Downloader!GSA
    F-Secure	6.70.13260.0	2008.05.04	Trojan-Downloader.Win32.Delf.gtj
    Fortinet	3.14.0.0	2008.05.04	-
    Ikarus	T3.1.1.26	2008.05.04	Trojan-Dropper.Win32.Delf.se
    Kaspersky	7.0.0.125	2008.05.04	Trojan-Downloader.Win32.Delf.gtj
    McAfee	5287	2008.05.02	-
    Microsoft	1.3408	2008.04.22	TrojanDropper:Win32/Delf.SE
    NOD32v2	3072	2008.05.03	-
    Norman	5.80.02	2008.05.02	-
    Panda	9.0.0.4	2008.05.04	-
    Prevx1	V2	2008.05.04	Rootkit
    Rising	20.42.62.00	2008.05.04	-
    Sophos	4.29.0	2008.05.04	Mal/Generic-A
    Sunbelt	3.0.1097.0	2008.05.03	-
    Symantec	10	2008.05.04	-
    TheHacker	6.2.92.300	2008.05.03	-
    VBA32	3.12.6.5	2008.05.03	Trojan-Downloader.Win32.Delf.gtj
    VirusBuster	4.3.26:9	2008.05.03	-
    Webwasher-Gateway	6.6.2	2008.05.04	Trojan.Dldr.Delf.gtj
    
    weitere Informationen
    File size: 186368 bytes
    MD5...: 0c59218de070d13ce603bc494ee22b74
    SHA1..: bb08ad2b57dafcec7f3d61ff75f238111504b231
    SHA256: 347858df479e54a68395e18924cf48425237e64b89f870258b800b7fb37c8207
    SHA512: f4459e015de239c0b1826965f3526f11b9d622c55759ac8a03b98f2eed88fba556876603b5abc77d98ae0d25cf4591c1c626e99940ee0d4a21dcca2bb89f9643
    PEiD..: -
    PEInfo: PE Structure information
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=EDB1E15D008B0695D88D02C58F2CD000C346AF3E
    Code:
    Datei perfs.exe empfangen 2008.05.04 21:59:31 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.3.0	2008.05.02	-
    AntiVir	7.8.0.11	2008.05.02	TR/Agent.jie
    Authentium	4.93.8	2008.05.02	-
    Avast	4.8.1169.0	2008.05.04	-
    AVG	7.5.0.516	2008.05.03	-
    BitDefender	7.2	2008.05.04	-
    CAT-QuickHeal	9.50	2008.05.03	-
    DrWeb	4.44.0.09170	2008.05.04	-
    eSafe	7.0.15.0	2008.04.28	-
    eTrust-Vet	31.3.5755	2008.05.03	-
    Ewido	4.0	2008.05.04	Trojan.Agent.jie
    F-Prot	4.4.2.54	2008.05.04	-
    F-Secure	6.70.13260.0	2008.05.04	Trojan.Win32.Agent.jie
    Fortinet	3.14.0.0	2008.05.04	-
    Ikarus	T3.1.1.26	2008.05.04	Trojan.Win32.Agent.jie
    Kaspersky	7.0.0.125	2008.05.04	Trojan.Win32.Agent.jie
    McAfee	5287	2008.05.02	-
    Microsoft	1.3408	2008.04.22	-
    NOD32v2	3072	2008.05.03	-
    Norman	5.80.02	2008.05.02	-
    Panda	9.0.0.4	2008.05.04	-
    Prevx1	V2	2008.05.04	Rootkit
    Rising	20.42.62.00	2008.05.04	-
    Sophos	4.29.0	2008.05.04	-
    Sunbelt	3.0.1097.0	2008.05.03	-
    Symantec	10	2008.05.04	-
    TheHacker	6.2.92.300	2008.05.03	-
    VBA32	3.12.6.5	2008.05.03	-
    VirusBuster	4.3.26:9	2008.05.03	-
    Webwasher-Gateway	6.6.2	2008.05.04	Trojan.Agent.jie
    
    weitere Informationen
    File size: 31232 bytes
    MD5...: 06a195ec332ed602654156668461cb09
    SHA1..: 31d82de7d4b88c22c9ad727ce59368d136580f8a
    SHA256: 8f89f400a892c252ce4dad94cfae1dcdeca2530ca31edd1a785ea990644997bd
    SHA512: a2e839e6c27580d118fbae80ee2b3ee0399f5e7ecbe3dd8d330188c2f2ad3b50d8fbda6fcdf37971eb3a2af9dd57f62be54b5c2c8f0dd43f1a9824a14def4fe8
    PEiD..: -
    PEInfo: PE Structure information
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=393A07830010B28D7A6400252DA5420017A15C44
    Code:
    Datei routing.exe empfangen 2008.05.04 22:03:52 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.3.0	2008.05.02	-
    AntiVir	7.8.0.11	2008.05.02	-
    Authentium	4.93.8	2008.05.02	-
    Avast	4.8.1169.0	2008.05.04	-
    AVG	7.5.0.516	2008.05.03	Generic10.HWP
    BitDefender	7.2	2008.05.04	-
    CAT-QuickHeal	9.50	2008.05.03	-
    ClamAV	0.92.1	2008.05.04	-
    DrWeb	4.44.0.09170	2008.05.04	Trojan.DownLoader.56756
    eSafe	7.0.15.0	2008.04.28	-
    eTrust-Vet	31.3.5755	2008.05.03	-
    Ewido	4.0	2008.05.04	-
    F-Prot	4.4.2.54	2008.05.04	-
    F-Secure	6.70.13260.0	2008.05.04	-
    Fortinet	3.14.0.0	2008.05.04	-
    Ikarus	T3.1.1.26	2008.05.04	Virus.Win32.Delf.INJ
    Kaspersky	7.0.0.125	2008.05.04	-
    McAfee	5287	2008.05.02	-
    Microsoft	1.3408	2008.04.22	-
    NOD32v2	3072	2008.05.03	-
    Norman	5.80.02	2008.05.02	W32/Smalltroj.DKFB
    Panda	9.0.0.4	2008.05.04	Generic Trojan
    Prevx1	V2	2008.05.04	Malicious Software
    Rising	20.42.62.00	2008.05.04	-
    Sophos	4.29.0	2008.05.04	-
    Sunbelt	3.0.1097.0	2008.05.03	-
    Symantec	10	2008.05.04	Trojan Horse
    TheHacker	6.2.92.300	2008.05.03	-
    VBA32	3.12.6.5	2008.05.03	Trojan.DownLoader.56756
    VirusBuster	4.3.26:9	2008.05.03	-
    Webwasher-Gateway	6.6.2	2008.05.04	-
    
    weitere Informationen
    File size: 31232 bytes
    MD5...: a2631d7b51e9ec001d548e71a9580bd8
    SHA1..: acabccaf72c5d7b88d55e5d0aaaf88f3eae3636e
    SHA256: 5b8921a9ecf7328e94dbf2756aa9e6eb2cc740a2a8e1bf438b940043390d35bd
    SHA512: 6ef0b15d8aafd6d579b6393838a1b5440518103de9c7cf2f611595d381fec6e8bfecaa354e0969cf116fd8eefd745f18978741be73c4182dfe19f3b03721ea97
    PEiD..: -
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3776E4D9002CF0FC7A62007E45C5500035DF15C3
    Code:
    Datei wserving.exe empfangen 2008.05.04 22:04:42 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.3.0	2008.05.02	Win-Trojan/Xema.variant
    AntiVir	7.8.0.11	2008.05.02	TR/Dldr.Delf.gtj.1
    Authentium	4.93.8	2008.05.02	-
    Avast	4.8.1169.0	2008.05.04	-
    AVG	7.5.0.516	2008.05.03	Downloader.Generic7.HIG
    BitDefender	7.2	2008.05.04	-
    CAT-QuickHeal	9.50	2008.05.03	TrojanDownloader.Delf.gtj
    ClamAV	0.92.1	2008.05.04	Trojan.Downloader-32809
    DrWeb	4.44.0.09170	2008.05.04	-
    eSafe	7.0.15.0	2008.04.28	-
    eTrust-Vet	31.3.5755	2008.05.03	-
    Ewido	4.0	2008.05.04	-
    F-Prot	4.4.2.54	2008.05.04	W32/D_Downloader!GSA
    F-Secure	6.70.13260.0	2008.05.04	Trojan-Downloader.Win32.Delf.gtj
    Fortinet	3.14.0.0	2008.05.04	W32/Delf.GTJ!tr.dldr
    Ikarus	T3.1.1.26	2008.05.04	Trojan-Dropper.Win32.Delf.se
    Kaspersky	7.0.0.125	2008.05.04	Trojan-Downloader.Win32.Delf.gtj
    McAfee	5287	2008.05.02	-
    Microsoft	1.3408	2008.04.22	TrojanDropper:Win32/Delf.SE
    NOD32v2	3072	2008.05.03	-
    Norman	5.80.02	2008.05.02	-
    Panda	9.0.0.4	2008.05.04	-
    Prevx1	V2	2008.05.04	Rootkit
    Rising	20.42.62.00	2008.05.04	-
    Sophos	4.29.0	2008.05.04	Mal/Generic-A
    Sunbelt	3.0.1097.0	2008.05.03	-
    Symantec	10	2008.05.04	-
    TheHacker	6.2.92.300	2008.05.03	-
    VBA32	3.12.6.5	2008.05.03	Trojan-Downloader.Win32.Delf.gtj
    VirusBuster	4.3.26:9	2008.05.03	-
    Webwasher-Gateway	6.6.2	2008.05.04	Trojan.Dldr.Delf.gtj.1
    
    weitere Informationen
    File size: 186368 bytes
    MD5...: ccf5db1dd933ad8f5873f3b7c5cbe72a
    SHA1..: d6deb5508bc3e6bcf0bdff33b8e214e78e70cffa
    SHA256: 913794bf18520e1a8a01b92657c25045ba578d459a832f87173c251fdd68b0dc
    SHA512: 1baf5c85cc9725fbe90742e71cd0775102868b904cf1c5a0415ee162180a1e2590f6cc2886c3485676d7073754cd10a119547940470aefcaf27871138d0d4289
    PEiD..: -
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=EDB1E15D008B0695D88D02263A740D00C346AF3E

  4. #4
    schrauber
    Guest

    Re: Hijacker/ Trojan or something like that

    Hi,

    I'll evaluate the log files this evening, a little patience please.
    But one question up front:

    Logfile of Trend Micro HijackThis v2.0.2
    Boot mode: Safe mode with network support
    Why did you run HijackThis in safe mode? Does your computer no longer start in normal mode? If possible, show me another HJT log file from normal mode.

    Regards

    schrauber

  5. #5
    Forum user, avatar of chrusty90
    Registered since
    04.05.2008
    Posts
    47

    Re: Hijacker/ Trojan or something like that

    Hello

    Thank you very much.
    Just get in touch when you are through with it... The main thing is that this machine runs properly again at some point.

    I have to run these programs in safe mode because otherwise the virus/Trojan/hijacker simply makes them crash midway, like many other programs. So unfortunately I can't send you a normal log file.

  6. #6
    schrauber
    Guest

    Re: Hijacker/ Trojan or something like that

    Hi,

    Sorry for the long wait. Here is how we continue:


    Step 1

    Please also check the following files at VirusTotal and post the result here together with the MD5 and SHA1. Also look up the file information (version, manufacturer, etc.) in Explorer and put it in your next reply:

    Code:
    C:\Windows\iun503.exe
    C:\Windows\S0CA640A5.tmp
    C:\Windows\mgxoschk.ini
    C:\Windows\DIFxAPI.dll
    C:\Windows\HideWin.exe
    C:\Windows\PidList.ini
    C:\Windows\system32\1.tsk
    C:\Windows\system32\tmp0_299761686102.bk


    Step 2

    Stop service:
    Start => Run => cmd.exe => OK. In the DOS box, run the following commands one after another:

    Code:
    sc stop AFinding
    sc delete AFinding
    sc stop perfmons
    sc delete perfmons
    sc stop Routing
    sc delete Routing
    sc stop WServing
    sc delete WServing
    
    exit
    Restart the computer.

    Step 3

    Fix entries with HJT

    Start HijackThis, click "do a system scan only" and tick the following boxes if they are still present after carrying out step 2:

    Code:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - Startup: PowerReg Scheduler.exe
    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
    O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe

    Then click "fix checked" and post me a fresh HJT log file.

    Step 4

    In Windows Explorer, navigate to the following files:
    Code:
    
    
    C:\Windows\system32\afinding.exe
    C:\Windows\system32\perfs.exe
    C:\Windows\system32\routing.exe
    C:\Windows\system32\wserving.exe
    
    
    Delete these files, and then empty the Recycle Bin.


    Post all logs in your next reply.


    Regards

    schrauber
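
Steps 2 and 3 above both work from the service entries of the HijackThis log. The following added example (not part of the original post and not HijackThis code) parses the `O23` lines quoted in step 3, separates the display name from the service key name in parentheses, and builds the `sc` commands from the key name. The `needs_review` heuristic, the function names and the last sample line are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# HijackThis O23 layout:
#   O23 - Service: <display name> (<service key name>) - <owner> - <image path>
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+) \((?P<key>[^()]+)\) - '
    r'(?P<owner>.+?) - (?P<path>(?:"|%|[A-Za-z]:\\).*)$'
)

# Log text is untrusted input: only plain key names may reach a command line.
SAFE_KEY_RE = re.compile(r"[A-Za-z0-9_.\- ]+")


class Service(NamedTuple):
    display: str   # what services.msc shows, e.g. "AFinding Service"
    key: str       # what sc.exe expects, e.g. "AFinding"
    owner: str
    path: str


# First six lines are the entries quoted in step 3 of the post;
# the last line is constructed for this example.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: PowerReg Scheduler.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
O23 - Service: Example Updater (ExampleUpdater) - Example Vendor Inc. - C:\Program Files\Example\updater.exe
"""


def parse_o23(line: str) -> Optional[Service]:
    """Return the parsed service entry, or None for any non-O23 line."""
    match = O23_RE.match(line.strip())
    if match is None:
        return None
    return Service(match["display"], match["key"], match["owner"], match["path"])


def needs_review(svc: Service) -> bool:
    """Assumed triage heuristic: no version-info owner and an image placed
    directly in system32. It selects entries to look at; it is not a verdict."""
    directory = ntpath.dirname(svc.path.strip('"')).lower()
    return svc.owner == "Unknown owner" and directory == r"c:\windows\system32"


def triage(log_text: str) -> List[Service]:
    """Collect all O23 entries of a log that match the heuristic."""
    parsed = (parse_o23(line) for line in log_text.splitlines())
    return [svc for svc in parsed if svc is not None and needs_review(svc)]


def removal_commands(svc: Service) -> List[str]:
    """Build the stop/delete commands from the key name, never the display name."""
    if not SAFE_KEY_RE.fullmatch(svc.key):
        raise ValueError(f"refusing unusual service key name: {svc.key!r}")
    return [f'sc stop "{svc.key}"', f'sc delete "{svc.key}"']


if __name__ == "__main__":
    for service in triage(SAMPLE_LOG):
        print(f"{service.display} -> {service.path}")
        for command in removal_commands(service):
            print("   ", command)
```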

  7. #7
    Forum user, avatar of chrusty90
    Registered since
    04.05.2008
    Posts
    47

    Re: Hijacker/ Trojan or something like that

    Step 1:

    One thing up front: the file S0CA640A5.tmp can no longer be found on my computer.

    Code:
    C:\Windows\iun503.exe
    File description: Setup Factory 5.0 Uninstall Runtime
    Version: 5.0.0.4
    Copyright: Indigo Rose Corporation

    C:\Windows\mgxoschk.ini
    Name: mgxoschk.ini

    C:\Windows\DIFxAPI.dll
    Description: Driver Install Frameworks for API library...
    Version: 2.1.0.0
    Copyright: Microsoft Corporation

    C:\Windows\HideWin.exe
    Description: Hide Windows
    File version: 1.0.0.2
    Product version: 1.0.0.1
    Copyright: Realtek Semiconductor Corp.

    C:\Windows\PidList.ini
    Name: PidList.ini

    Code:
    Datei iun503.exe empfangen 2008.05.09 14:23:52 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.9.1	2008.05.09	-
    AntiVir	7.8.0.14	2008.05.09	-
    Authentium	4.93.8	2008.05.08	-
    Avast	4.8.1169.0	2008.05.07	-
    AVG	7.5.0.516	2008.05.08	-
    BitDefender	7.2	2008.05.08	-
    CAT-QuickHeal	9.50	2008.05.08	-
    ClamAV	0.92.1	2008.05.09	-
    DrWeb	4.44.0.09170	2008.05.09	-
    eSafe	7.0.15.0	2008.05.09	-
    eTrust-Vet	31.4.5772	2008.05.09	-
    Ewido	4.0	2008.05.09	-
    F-Prot	4.4.2.54	2008.05.08	-
    F-Secure	6.70.13260.0	2008.05.09	-
    Fortinet	3.14.0.0	2008.05.08	-
    Ikarus	T3.1.1.26.0	2008.05.09	-
    Kaspersky	7.0.0.125	2008.05.09	-
    McAfee	5291	2008.05.08	-
    Microsoft	1.3408	2008.05.09	-
    NOD32v2	3088	2008.05.09	-
    Norman	5.80.02	2008.05.08	-
    Panda	9.0.0.4	2008.05.09	-
    Prevx1	V2	2008.05.09	-
    Rising	20.43.42.00	2008.05.09	-
    Sophos	4.29.0	2008.05.09	-
    Sunbelt	3.0.1097.0	2008.05.07	-
    Symantec	10	2008.05.09	-
    TheHacker	6.2.92.305	2008.05.08	-
    VBA32	3.12.6.5	2008.05.08	-
    VirusBuster	4.3.26:9	2008.05.08	-
    Webwasher-Gateway	6.6.2	2008.05.09	-
    
    weitere Informationen
    File size: 286720 bytes
    MD5...: 1c3085e7234a336214a2497525be2eb5
    SHA1..: 23c38f6642dad0d624f324aa29528e35defa6970
    SHA256: f8d10a34f678cd485037586254613000dda65c4428f2ffb795d9153e3b43e259
    SHA512: bec537488a06ba7dede1b07c53d88e8f00f46366122a1bdad861eec1a332cf9a1e14ff0a98ec9c655e2baaa32a43a20e2bcf0bb8133b18e004acbb9f833ee11d
    PEiD..: Armadillo v1.71
    
    Datei mgxoschk.ini empfangen 2008.05.09 18:29:14 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.9.1	2008.05.09	-
    AntiVir	7.8.0.14	2008.05.09	-
    Authentium	4.93.8	2008.05.08	-
    Avast	4.8.1169.0	2008.05.07	-
    AVG	7.5.0.516	2008.05.08	-
    BitDefender	7.2	2008.05.08	-
    CAT-QuickHeal	9.50	2008.05.08	-
    ClamAV	0.92.1	2008.05.09	-
    DrWeb	4.44.0.09170	2008.05.09	-
    eSafe	7.0.15.0	2008.05.09	-
    eTrust-Vet	31.4.5771	2008.05.08	-
    Ewido	4.0	2008.05.09	-
    F-Prot	4.4.2.54	2008.05.08	-
    F-Secure	6.70.13260.0	2008.05.09	-
    Fortinet	3.14.0.0	2008.05.08	-
    Ikarus	T3.1.1.26	2008.05.09	-
    Kaspersky	7.0.0.125	2008.05.09	-
    McAfee	5291	2008.05.08	-
    Microsoft	1.3408	2008.05.09	-
    NOD32v2	3088	2008.05.09	-
    Norman	5.80.02	2008.05.08	-
    Panda	9.0.0.4	2008.05.09	-
    Prevx1	V2	2008.05.09	-
    Rising	20.43.42.00	2008.05.09	-
    Sophos	4.29.0	2008.05.09	-
    Sunbelt	3.0.1097.0	2008.05.07	-
    Symantec	10	2008.05.09	-
    TheHacker	6.2.92.305	2008.05.08	-
    VBA32	3.12.6.5	2008.05.08	-
    VirusBuster	4.3.26:9	2008.05.08	-
    Webwasher-Gateway	6.6.2	2008.05.09	-
    
    weitere Informationen
    File size: 6768 bytes
    MD5...: 674f5c6780639b37dfbde53a97d0c2ec
    SHA1..: 9214d2d662f8c45bb37fa487f2a4945ea493136b
    SHA256: ca483eed460fcbdd2d038e85011245f4188e681b3b74aa913cbb3a25ebfa9bee
    SHA512: 11cd3eecea5946f865f565e9fb993ce92c394b6ad24a825a964dec0af7d0802db9d65df815aa59941b2e7ac1e8bc0e70b78b1dc0b034d3aa31b0fa76fa323326
    PEiD..: -
    PEInfo: -
    
    Datei DIFxAPI.dll empfangen 2008.05.09 18:31:51 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.9.1	2008.05.09	-
    AntiVir	7.8.0.14	2008.05.09	-
    Authentium	4.93.8	2008.05.08	-
    Avast	4.8.1169.0	2008.05.07	-
    AVG	7.5.0.516	2008.05.08	-
    BitDefender	7.2	2008.05.08	-
    CAT-QuickHeal	9.50	2008.05.08	-
    ClamAV	0.92.1	2008.05.09	-
    DrWeb	4.44.0.09170	2008.05.09	-
    eSafe	7.0.15.0	2008.05.09	-
    eTrust-Vet	31.4.5771	2008.05.08	-
    Ewido	4.0	2008.05.09	-
    F-Prot	4.4.2.54	2008.05.08	-
    F-Secure	6.70.13260.0	2008.05.09	-
    Fortinet	3.14.0.0	2008.05.08	-
    Ikarus	T3.1.1.26.0	2008.05.09	-
    Kaspersky	7.0.0.125	2008.05.09	-
    McAfee	5291	2008.05.08	-
    Microsoft	1.3408	2008.05.09	-
    NOD32v2	3088	2008.05.09	-
    Norman	5.80.02	2008.05.08	-
    Panda	9.0.0.4	2008.05.09	-
    Prevx1	V2	2008.05.09	-
    Rising	20.43.42.00	2008.05.09	-
    Sophos	4.29.0	2008.05.09	-
    Sunbelt	3.0.1097.0	2008.05.07	-
    Symantec	10	2008.05.09	-
    TheHacker	6.2.92.305	2008.05.08	-
    VBA32	3.12.6.5	2008.05.08	-
    VirusBuster	4.3.26:9	2008.05.08	-
    Webwasher-Gateway	6.6.2	2008.05.09	-
    
    weitere Informationen
    File size: 319456 bytes
    MD5...: 1bd976dd77b31fe0f25708ad5c1351ae
    SHA1..: 50d075688835df04484f0b93792a530cb47a1872
    SHA256: b3c28941ceb057de44d9c322a38bb0f63c62d7ffbd91cf7970964413978f8eb7
    SHA512: d58c2be88941c15214c51c59923437863a94db7b8080ead69017f7cce19d256dbe4d1d8498762476c75c26773dfba1aaff3bed615589ebf4b39df78df1b50b35
    PEiD..: -
    
    Datei HideWin.exe empfangen 2008.05.09 18:39:30 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.9.1	2008.05.09	-
    AntiVir	7.8.0.14	2008.05.09	-
    Authentium	4.93.8	2008.05.08	-
    Avast	4.8.1169.0	2008.05.07	-
    AVG	7.5.0.516	2008.05.08	-
    BitDefender	7.2	2008.05.08	-
    CAT-QuickHeal	9.50	2008.05.08	-
    ClamAV	0.92.1	2008.05.09	-
    DrWeb	4.44.0.09170	2008.05.09	-
    eSafe	7.0.15.0	2008.05.09	-
    eTrust-Vet	31.4.5772	2008.05.09	-
    Ewido	4.0	2008.05.09	-
    F-Prot	4.4.2.54	2008.05.08	-
    F-Secure	6.70.13260.0	2008.05.09	-
    Fortinet	3.14.0.0	2008.05.08	-
    Ikarus	T3.1.1.26.0	2008.05.09	-
    Kaspersky	7.0.0.125	2008.05.09	-
    McAfee	5291	2008.05.08	-
    Microsoft	1.3408	2008.05.09	-
    NOD32v2	3088	2008.05.09	-
    Norman	5.80.02	2008.05.08	-
    Panda	9.0.0.4	2008.05.09	-
    Prevx1	V2	2008.05.09	-
    Rising	20.43.42.00	2008.05.09	-
    Sophos	4.29.0	2008.05.09	-
    Sunbelt	3.0.1097.0	2008.05.07	-
    Symantec	10	2008.05.09	-
    TheHacker	6.2.92.305	2008.05.08	-
    VBA32	3.12.6.5	2008.05.08	-
    VirusBuster	4.3.26:9	2008.05.08	-
    Webwasher-Gateway	6.6.2	2008.05.09	-
    
    weitere Informationen
    File size: 315392 bytes
    MD5...: 2d65f8db74c36819896cf809e4375f0a
    SHA1..: 3bb8f07c42350509a123b9ad86bb6582856d1f91
    SHA256: a3630d792b7d3b237098d1e608dbbd844a3c31b4ebd4cab1d7d4e440524df000
    SHA512: 0766b2d1a242cabf4636ef88c4d553cf876f0f5d554d654bac33f803592632eb391fd988a89e591c58132b9a76329684196b53073366ae3796011c8beb387919
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x41efa3
    timedatestamp.....: 0x459cd644 (Thu Jan 04 10:26:12 2007)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x31ea4 0x32000 6.65 1b02d65e0fb9fa24d9818b8c964f2767
    .rdata 0x33000 0xc494 0xd000 4.84 53f0815506b7c5b1941ac02d833421a7
    .data 0x40000 0x6474 0x3000 3.79 a1e344d86ac731c49c35215502406660
    .rsrc 0x47000 0x9324 0xa000 4.97 91774935a4ba8efc53091796c03ca17b

    ( 11 imports )

    ( 0 exports )
    
    
    
    
    
    
    
    Datei PidList.ini empfangen 2008.05.09 18:41:13 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.9.1	2008.05.09	-
    AntiVir	7.8.0.14	2008.05.09	-
    Authentium	4.93.8	2008.05.08	-
    Avast	4.8.1169.0	2008.05.07	-
    AVG	7.5.0.516	2008.05.08	-
    BitDefender	7.2	2008.05.08	-
    CAT-QuickHeal	9.50	2008.05.08	-
    ClamAV	0.92.1	2008.05.09	-
    DrWeb	4.44.0.09170	2008.05.09	-
    eSafe	7.0.15.0	2008.05.09	-
    eTrust-Vet	31.4.5772	2008.05.09	-
    Ewido	4.0	2008.05.09	-
    F-Prot	4.4.2.54	2008.05.08	-
    F-Secure	6.70.13260.0	2008.05.09	-
    Fortinet	3.14.0.0	2008.05.08	-
    Ikarus	T3.1.1.26.0	2008.05.09	-
    Kaspersky	7.0.0.125	2008.05.09	-
    McAfee	5291	2008.05.08	-
    Microsoft	1.3408	2008.05.09	-
    NOD32v2	3088	2008.05.09	-
    Norman	5.80.02	2008.05.08	-
    Panda	9.0.0.4	2008.05.09	-
    Prevx1	V2	2008.05.09	-
    Rising	20.43.42.00	2008.05.09	-
    Sophos	4.29.0	2008.05.09	-
    Sunbelt	3.0.1097.0	2008.05.07	-
    Symantec	10	2008.05.09	-
    TheHacker	6.2.92.305	2008.05.08	-
    VBA32	3.12.6.5	2008.05.08	-
    VirusBuster	4.3.26:9	2008.05.08	-
    Webwasher-Gateway	6.6.2	2008.05.09	-
    
    weitere Informationen
    File size: 36 bytes
    MD5...: e11826e4b7c797677df11db14a7de826
    SHA1..: ef5c6b0529de3d018f9770833ef9b4cba7bbf28d
    SHA256: 88ee594f85815d278a8002eb1f543e16752eaa7d7e5fbbfbfbb9305a121cc4be
    SHA512: e6b4045f47b15ed1ab051153cf782efe88b93b9bacd49af445597eaa816428adf2040db717d6b54f046083f829855fdfa898c77176276ca9ed67dbd1aa21f4b2
    PEiD..: -
    PEInfo: -
    
    
    
    
    
    
    
    
    Datei 1.tsk empfangen 2008.05.09 18:43:13 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.9.1	2008.05.09	-
    AntiVir	7.8.0.14	2008.05.09	-
    Authentium	4.93.8	2008.05.08	-
    Avast	4.8.1169.0	2008.05.07	-
    AVG	7.5.0.516	2008.05.08	-
    BitDefender	7.2	2008.05.08	-
    CAT-QuickHeal	9.50	2008.05.08	-
    ClamAV	0.92.1	2008.05.09	-
    DrWeb	4.44.0.09170	2008.05.09	-
    eSafe	7.0.15.0	2008.05.09	-
    eTrust-Vet	31.4.5771	2008.05.08	-
    Ewido	4.0	2008.05.09	-
    F-Prot	4.4.2.54	2008.05.08	-
    F-Secure	6.70.13260.0	2008.05.09	-
    Fortinet	3.14.0.0	2008.05.08	-
    Ikarus	T3.1.1.26.0	2008.05.09	-
    Kaspersky	7.0.0.125	2008.05.09	-
    McAfee	5291	2008.05.08	-
    Microsoft	1.3408	2008.05.09	-
    NOD32v2	3088	2008.05.09	-
    Norman	5.80.02	2008.05.08	-
    Panda	9.0.0.4	2008.05.09	-
    Prevx1	V2	2008.05.09	-
    Rising	20.43.42.00	2008.05.09	-
    Sophos	4.29.0	2008.05.09	-
    Sunbelt	3.0.1097.0	2008.05.07	-
    Symantec	10	2008.05.09	-
    TheHacker	6.2.92.305	2008.05.08	-
    VBA32	3.12.6.5	2008.05.08	-
    VirusBuster	4.3.26:9	2008.05.08	-
    Webwasher-Gateway	6.6.2	2008.05.09	-
    
    weitere Informationen
    File size: 139 bytes
    MD5...: fe1a30a4ce3a18b50bb1e05b0ac4ef6d
    SHA1..: 72423a38e830e8253b10406b9cd5ffe7066bf28e
    SHA256: 4243a8800a4d17326190dd9a217935773a96b11ff39245cd1207fd91be269d07
    SHA512: d9f5fdc283ce49f5a6f11a6dff2c80d11bd8bd7460776525bc68641d55c2eecf72752cf99d04077f6d415efed105758fcdf9d7ed1ecce068fb903c9a5131b9b1
    PEiD..: -
    PEInfo: -
    
    
    
    
    
    
    
    
    Datei tmp0_299761686102.bk empfangen 2008.05.09 18:46:39 (CET)
    Antivirus	Version	letzte aktualisierung	Ergebnis
    AhnLab-V3	2008.5.9.1	2008.05.09	-
    AntiVir	7.8.0.14	2008.05.09	-
    Authentium	4.93.8	2008.05.08	-
    Avast	4.8.1169.0	2008.05.07	-
    AVG	7.5.0.516	2008.05.08	-
    BitDefender	7.2	2008.05.08	-
    CAT-QuickHeal	9.50	2008.05.08	-
    ClamAV	0.92.1	2008.05.09	-
    DrWeb	4.44.0.09170	2008.05.09	-
    eSafe	7.0.15.0	2008.05.09	-
    eTrust-Vet	31.4.5771	2008.05.08	-
    Ewido	4.0	2008.05.09	-
    F-Prot	4.4.2.54	2008.05.08	-
    F-Secure	6.70.13260.0	2008.05.09	-
    Fortinet	3.14.0.0	2008.05.08	-
    Ikarus	T3.1.1.26.0	2008.05.09	-
    Kaspersky	7.0.0.125	2008.05.09	-
    McAfee	5291	2008.05.08	-
    Microsoft	1.3408	2008.05.09	-
    NOD32v2	3088	2008.05.09	-
    Norman	5.80.02	2008.05.08	-
    Panda	9.0.0.4	2008.05.09	-
    Prevx1	V2	2008.05.09	-
    Rising	20.43.42.00	2008.05.09	-
    Sophos	4.29.0	2008.05.09	-
    Sunbelt	3.0.1097.0	2008.05.07	VIPRE.Suspicious
    Symantec	10	2008.05.09	-
    TheHacker	6.2.92.305	2008.05.08	-
    VBA32	3.12.6.5	2008.05.08	-
    VirusBuster	4.3.26:9	2008.05.08	-
    Webwasher-Gateway	6.6.2	2008.05.09	Win32.Malware.dam (suspicious)
    
    weitere Informationen
    File size: 108634 bytes
    MD5...: 0a171cf2bfc55ff6c05a945df1fcc8ec
    SHA1..: 5dc05a976d905da9513899a180f7395d61f3fb3a
    SHA256: ab90de5494399e6eb35ed4821db3d8a3998155d54326834e6239e3cbb04e30ed
    SHA512: f8593217b88fdf37ff38e36b92bd04f5dc983ae2a049dc0dc59d756314594368e3bd301a5719c46c4f75e786ce6c1986941590d7fceac02337f896f895b2d525
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x437310
    timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
    machinetype.......: 0x14c (I386)

    ( 6 sections )
    name viradd virsiz rawdsiz ntrpy md5
    CODE 0x1000 0x36b0c 0x36c00 6.17 2475753292ef0e0745fbad9bb07def52
    DATA 0x38000 0xd44 0xe00 0.00 d41d8cd98f00b204e9800998ecf8427e
    BSS 0x39000 0x7bd 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .idata 0x3a000 0x411a 0x4200 0.00 d41d8cd98f00b204e9800998ecf8427e
    .reloc 0x3f000 0x4448 0x4600 0.00 d41d8cd98f00b204e9800998ecf8427e
    .rsrc 0x44000 0x2e00 0x2e00 0.00 d41d8cd98f00b204e9800998ecf8427e

    ( 0 imports )

    ( 0 exports )
    packers (Kaspersky): PE_Patch


    Step 2:

    Done.
    However, for the "stop" command it kept saying something about wrong parameters... The "delete" command, though, was always executed successfully.




    Step 3:

    I could only fix the first two, since the rest was already gone, as you had assumed.
    Here is the fresh logfile:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:48:33, on 09.05.2008
    Platform: Windows Vista  (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Safe mode with network support
    
    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing)
    O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing)
    O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing) (HKCU)
    O13 - Gopher Prefix: 
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
    O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    
    --
    End of file - 9443 bytes


    Step 4:

    Done.
    Last edited by chrusty90 (10.05.2008 at 14:44). Reason: typo
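
A HijackThis log like the one above is easier to review once it is split into header, process list and numbered entries. The following Python sketch is an added example, not part of the original post and not code from HijackThis; it runs on a few lines copied from the log above. The function names and the review hints are this example's own assumptions, and a hint means "look at this entry", not "malicious".

```python
import re

# Lines copied from the HijackThis v2.0.2 log in the post above (a subset of it).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:33, on 09.05.2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
"""

HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.*)$")
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
SHORT_PATH_RE = re.compile(r"[A-Za-z]:\\\S*~\d")      # 8.3 names such as C:\PROGRA~1


def parse_log(text):
    """Split a HijackThis log into header fields, running processes and entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()          # forum posts often indent the pasted log
        if not line:
            if processes:           # a blank line ends the process list
                in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            entries.append({"code": entry.group(1), "body": entry.group(2)})
        elif in_processes:
            processes.append(line)
        else:
            field = HEADER_RE.match(line)
            if field:
                header[field.group(1)] = field.group(2).strip()
    return {"header": header, "processes": processes, "entries": entries}


def review_notes(parsed):
    """Return (code, note) pairs: entries a reviewer should look at, not verdicts."""
    notes = []
    boot = parsed["header"].get("Boot mode", "")
    if boot.lower().startswith("safe mode"):
        notes.append(("header", "scan taken in safe mode; the process list is "
                                "not what runs in normal mode"))
    for entry in parsed["entries"]:
        code, body = entry["code"], entry["body"]
        if "(file missing)" in body:
            notes.append((code, "HijackThis found no file at the target"))
        if code == "O23" and " - Unknown owner - " in body:
            notes.append((code, "no vendor name reported for the service binary"))
        if code == "O20" and body.split(":", 1)[-1].strip():
            notes.append((code, "AppInit_DLLs is set; the DLL is loaded into every "
                                "process that loads user32.dll"))
        if SHORT_PATH_RE.search(body):
            notes.append((code, "8.3 short path; resolve the long name before judging"))
    return notes


if __name__ == "__main__":
    result = parse_log(SAMPLE_LOG)
    print(result["header"])
    for code, note in review_notes(result):
        print(f"{code:7} {note}")
```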

  8. #8
    schrauber
    Guest

    Re: Hijacker/ Trojan or something like that

    Hi,

    I'm in the process of evaluating your logs. In the meantime, tell me how working in normal mode is going, since I see that the HJT log was still made in safe mode.



    Regards,

    schrauber

  9. #9
    schrauber
    Guest

    Re: Hijacker/ Trojan or something like that

    Hi,

    A small note:

    Please run all programs in normal mode unless safe mode is requested. As a rule, always run safe mode with networking unless a guide asks for something different.
    This is very important for the full functionality of the programs!


    Step 1

    Navigate to Start - Search and, under Files/Folders, type in the following:

    INDT2.SYS

    If you get a search result, have the file that was found (not the one in the Prefetch folder) scanned online at Virustotal as already described, and post the result.

    Likewise this file:

    C:\Windows\system32\andt.sys


    Step 2
    A few scans for files, processes and registry entries that are hidden from most other scanners (by a so-called rootkit). During these scans:
    • all other scanners for viruses, spyware, etc. should be disabled
    • there should be no connection to a network/the Internet (don't forget WLAN)
    • nothing should be done on the computer
    • the computer should be restarted after every scan
    Run a Gmer scan
    • Download Gmer from this page and unpack it to your desktop.
    • Start gmer.exe. All other programs should be closed.
    • Start the scan with "Scan". Don't do anything on the computer while the scan is running.
    • When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
    • Paste the log from the clipboard into your reply here.
    Run a Catchme scan
    • Download Catchme to your desktop.
    • Start Catchme.exe. All other programs should be closed. Start with "Scan".
    • If files are listed in the window after the scan has finished, click "Zip" so that a copy of these files is created. The files are not removed in the process.
    • The log is in catchme.log; paste it in full into your reply.
    Run a RootkitRevealer scan
    • Download RootkitRevealer and unpack the archive into a folder of its own, e.g. C:\programme\rootkitrevealer.
    • In this folder, start RootkitRevealer.exe. Close all other programs.
    • Start by clicking "Scan".
    • When the scan is finished, save the logfile with File -> Save.
    Run a Blacklight scan
    • Download F-Secure Blacklight into a folder of its own, e.g. C:\programme\blacklight.
    • In this folder, start fsbl.exe. Close all other programs.
    • Click "I accept the agreement", "next", "Scan".
    • When the scan is finished, close Blacklight with "Close".
    • In Blacklight's directory you will find the log that was created, fsbl-XXX.log; in place of XXX there is a longer sequence of digits.

    Switch the scanners back on before you go online!
    -> Now please post all logs.

    Step 3

    Install and configure CCleaner
    • Download CCleaner and install it without the toolbar (deselect the toolbar!).
    • Start CCleaner and => under options settings => set german.
    • Go to the "Cleaner" button at the top left => "Windows" tab
      set the checkboxes as follows:
      all except "Eingabefeld Verlauf" and, under
      Erweitert, tick only "Alte Prefetchdaten" and "Benutzerdefinierte Dateien und Ordner".
    • Switch to the "Anwendungen" tab,
      tick all checkboxes there except, for Firefox/Mozilla (if present), "Gespeicherte Formulardaten".
    Exclude certain cookies from cleaning
    Einstellungen => Cookies => move the cookies you want to keep to the right using the arrow button in the middle. This ensures that important cookies are not lost when cleaning with CCleaner.

    Clean temporary files and additional folders
    Einstellungen => Benutzerdefiniert => Zu bereinigende Dateien und Ordner => Ordner hinzufügen =>
    Code:
    C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\*.*
    C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Temp\*.*
    C:\Dokumente und Einstellungen\Christian\Lokale Einstellungen\Temp\*.*
    C:\Dokumente und Einstellungen\Jasmin\Lokale Einstellungen\Temp\*.*
    C:\Dokumente und Einstellungen\tester\Lokale Einstellungen\Temp\*.*
    C:\Windows\Temp\*.*
    Now start the cleaning by clicking the "Analysieren" button. When the analysis is finished, click the "Starte CCleaner" button. Take note of how many MB were removed during cleaning and let us know.

    Clean the registry with CCleaner
    Go to the "Einstellungen" button on the left and check whether, under "Erweitert", "Zeige Aufforderung für ein Backup der Registry" is ticked; if not, please tick it. To clean the registry, click "Registry" on the left, tick all checkboxes and start the search at the bottom with the "nach Fehlern suchen" button. You can have the errors that were found removed with the "Fehler beheben" button. Repeat this process until no more errors are found. Let us know here how many errors were cleaned up.

    Create an uninstall list with CCleaner
    Extras => Programme deinstallieren => Als Textdatei speichern => post this file here. Please write "OK" after the programs that you know and installed yourself. Write "can go" after the programs that you no longer need. Write "unknown" after programs that mean nothing to you.

    Here you can use "Eintrag entfernen" to remove old entries of programs that have already been uninstalled but for some reason left an uninstall entry behind.


    About CCleaner
    CCleaner (Crap Cleaner) is a free PC optimization tool for Windows 98/NT4/ME/2000/XP/2003/Vista. CCleaner deletes unnecessary files and cleans the registry. If you still have questions, look at the screenshots and the quick tour, or ask me. German illustrated CCleaner guides can be found at ccleaner.de, WinFuture or CHIP Online, among others.

    Note for Vista users: please start the program as admin.

    Step 4

    Print out these instructions or save them as a *.txt file so that you have them at hand when you are working offline. Please read them through thoroughly before you apply them.
    Download Combofix from one of these two download mirrors:

    BleepingComputer
    Forospyware
    GeeksToGo

    If the links do not work
    and/or there are problems starting the program,
    please ask us
    and tell us in detail what happened.

    • Save it to your desktop.
    During the scan with ComboFix:
    • as a precaution, all programs with background guards, including your firewall, should be disabled
    (list of programs to disable)
    • nothing should be done on the computer
    • Close all applications when you run Combofix.
    • If an infection is found, Combofix automatically restarts your computer to complete the removal.
    • Please do not close this window, otherwise you will be left with an empty desktop.
    1. Double-click ComboFix.exe.
    Enter a 1 to start the scan when you are asked to.



    2. When the scan is finished, it will create a logfile, C:\ComboFix.txt
    3. Post the contents of this logfile.
    4. Restart the computer.

    Notes:
    • Turn off your antivirus program BEFORE scanning with ComboFix, as well as all other background scanners, including your firewall, since problems can otherwise occur.
    • Do not click with the mouse in the Combofix window while it is running.
      That could make your system freeze or hang. It can take about a quarter of an hour until the scan is finished.
    • Do not do anything else if you did not manage to get Combofix to run. Wait for our instructions.
    • Turn off Script Blocking if you have NAV installed, so that the programs do not get in each other's way.
    • Please switch the background guards and the firewall back on once ComboFix has finished its scan and output the logfile.

    If anything is unclear or you have problems
    turning off the programs,
    please ask us
    BEFORE THE SCAN with ComboFix.

    Please post all logs in your next reply


    Regards,

    schrauber

  10. #10
    Forum user chrusty90
    Registered since: 04.05.2008
    Posts: 47

    Re: Hijacker/ Trojan or something like that

    Hello

    thanks for the quick help, but I won't be home again until tomorrow midday. I'll take care of it right away then...
    I'll then also report how it runs in normal mode... I sent it straight into safe mode because it hadn't worked before anyway...
    But next time I'll try it directly.



    One more small problem... Ever since the trojan, or whatever it is, first appeared, my computer has been showing me that my WLAN does not exist, but I still have a connection. If the problem is gone by now, it's no problem... If it's still there, I'll have to go back into safe mode, because there I can work with it.

    Regards,
    chrusty90
