Hijackthis Logfile bitte überprüfen

von **DirEnGrey18** am 15.04.2008, 00:53

Hi Leute,
bin grad dabei unseren Pc aufzuräumen. Unter anderem habe ich einen Hijackthis Logfile gemacht, vielleicht könnte jemand sich den Logfile ma genauer angucken, vielleicht is da ja irgendwas nicht ok.
Danke im Vorraus.

LogFile:
----------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:57:44, on 15.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Säubern\Spyware Doctor\SDTrayApp.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Säubern\Spybot - Search & Destroy\TeaTimer.exe
D:\Programme\Yahoo!\Widgets\YahooWidgets.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 78.31.70.70 l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: (no name) - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SUBERN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F4E631B-C9BC-40E7-80E0-8B82A58A43ED} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Programme\Säubern\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Säubern\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = D:\Programme\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BackUp Maker.lnk = C:\Programme\Festplatte\ASCOMP Software\BackUp Maker\bkmaker.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SUBERN~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SUBERN~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: gebyw - C:\WINDOWS\
O20 - Winlogon Notify: jkklkii - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kwari.xLoader - Unknown owner - C:\Dokumente.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Säubern\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Säubern\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9488 bytes

----------------------------------------------------------------------------------

edit : hab ma eben n neustart gemacht und n neuen Logfile, hatte beim ersten noch alles mögliche an Programmen laufen, dachte mir das es besser is den Logfile nach nem neustart zu machen...dann könnt ihr n Logfile von meinem Pc "in seiner natürlichen Umgebung" sehen^^

von **BlueScreen-Bertrand** am 15.04.2008, 07:36

Guten Morgen,

starte Windows im abgesicherten Modus neu und lösche die Datei
C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

Starte HijackThis erneut und wähle die folgenden Einträge aurd Anhaken aus:

Code: Alles auswählen: R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL O2 - BHO: (no name) - {02464DDC-3187-11D8-8004-0020ED227566} - (no file) O2 - BHO: (no name) - {8F4E631B-C9BC-40E7-80E0-8B82A58A43ED} - (no file) O20 - Winlogon Notify: gebyw - C:\WINDOWS\ O20 - Winlogon Notify: jkklkii - C:\WINDOWS\ O23 - Service: Kwari.xLoader - Unknown owner - C:\Dokumente.exe (file missing)

Klicke auf "Fix checked".

Starte Windows neu, erstelle ein neues Logfile und poste es hier

von **DirEnGrey18** am 15.04.2008, 18:55

ok, danke erst einmal. hab alles gemacht wie beschrieben, hier der neue Logfile:

------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:56, on 15.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Säubern\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Säubern\Spybot - Search & Destroy\TeaTimer.exe
D:\Programme\Yahoo!\Widgets\YahooWidgets.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 78.31.70.70 l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SUBERN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Programme\Säubern\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Säubern\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = D:\Programme\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BackUp Maker.lnk = C:\Programme\Festplatte\ASCOMP Software\BackUp Maker\bkmaker.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SUBERN~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SUBERN~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Säubern\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Säubern\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8962 bytes

------------------------------------------------------------------------------------

von **BlueScreen-Bertrand** am 15.04.2008, 20:24

Da wäre nur noch die "AskBar", eine Toolbar für den Internet Explorer, die du eventuell nicht haben möchtest (oft unerwünscht).

Wenn du sie nicht möchtest, deinstalliere sie, falls möglich, über die Systemsteuerung; fixe ansonsten diesen Eintrag

Code: Alles auswählen: O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL

und lösche den Ordner C:\Programme\AskPBar.

von **DirEnGrey18** am 15.04.2008, 20:51

jop hab ich entfernt.

da wäre aber noch dieser eintrag:

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)

den kann ich doch auch mit HijackThis löschen oder? ich frag lieber, bevor ich da irgendwas falsches mache^^

von **BlueScreen-Bertrand** am 16.04.2008, 08:19

Ja, der kann natürlich auch weg.

von **Nikita** am 16.04.2008, 15:14

Hallo DirEnGrey18

lade bitte Combofix , klicke die Warnmeldung weg und poste hier den Report, der erstellt wird
http://virus-protect.org/artikel/tools/combofix.html

von **DirEnGrey18** am 16.04.2008, 19:49

ok, alles erledigt.
hier der report:

ComboFix 08-04-15.8 - Besitzer 2008-04-16 19:40:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.2448 [GMT 2:00]
ausgeführt von:: D:\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DriveCleaner Free
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DriveCleaner Free\Logs\update.log
C:\Dokumente und Einstellungen\Besitzer\err.log
C:\Dokumente und Einstellungen\Besitzer\ResErrors.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((( Dateien erstellt von 2008-03-16 bis 2008-04-16 ))))))))))))))))))))))))))))))
.

2008-04-15 18:36 . 2007-05-07 09:36 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator.USER-04EF3A696E\Vorlagen
2008-04-15 18:36 . 2007-05-07 10:31 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator.USER-04EF3A696E\Startmenü
2008-04-15 18:36 . 2007-05-07 10:31 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator.USER-04EF3A696E\Netzwerkumgebung
2008-04-15 18:36 . 2008-04-16 19:42 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator.USER-04EF3A696E\Lokale Einstellungen
2008-04-15 18:36 . 2007-05-07 10:31 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.USER-04EF3A696E\Favoriten
2008-04-15 18:36 . 2007-05-07 10:31 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator.USER-04EF3A696E\Druckumgebung
2008-04-15 18:36 . 2007-05-07 10:31 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator.USER-04EF3A696E\Anwendungsdaten
2008-04-15 18:36 . 2008-04-15 18:36 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.USER-04EF3A696E
2008-04-15 02:48 . 2008-04-15 02:48 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sony
2008-04-15 02:48 . 2008-04-15 02:48 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Publish Providers
2008-04-15 00:36 . 2008-04-15 00:36 <DIR> d-------- C:\Programme\Vstplugins
2008-04-15 00:36 . 2008-04-15 00:36 <DIR> d-------- C:\Programme\Sony Setup
2008-04-15 00:36 . 2008-04-15 00:36 <DIR> d-------- C:\Programme\Sony
2008-04-15 00:36 . 2008-04-15 00:36 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
2008-04-14 18:51 . 2008-04-14 18:51 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\JAM Software
2008-04-14 18:50 . 2008-04-14 18:51 <DIR> d-------- C:\Programme\Festplatte
2008-04-14 18:50 . 2008-04-14 18:50 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ASCOMP Software
2008-04-14 18:50 . 2008-01-28 16:08 1,168,824 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2008-04-14 18:40 . 2008-04-14 18:44 <DIR> d-------- C:\Bleached
2008-04-13 07:47 . 2008-04-13 07:47 <DIR> d-------- C:\Movies
2008-04-09 20:48 . 2008-04-09 20:48 <DIR> d-------- C:\Programme\Avira
2008-04-09 20:41 . 2008-04-09 20:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avg7
2008-04-09 20:34 . 2008-04-09 20:34 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-09 20:34 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-09 04:09 . 2008-04-15 00:54 <DIR> d-------- C:\Programme\FlashGet
2008-04-09 03:50 . 2008-04-09 03:50 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\iGetter
2008-03-27 07:35 . 2008-03-27 07:35 <DIR> d-------- C:\foddos2
2008-03-26 05:27 . 2008-03-26 06:19 <DIR> d-------- C:\Programme\DAEMON Tools Lite
2008-03-26 05:19 . 2008-03-26 05:19 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DAEMON Tools
2008-03-19 23:50 . 2008-03-19 23:50 <DIR> d-------- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Apple Computer
2008-03-19 23:42 . 2008-03-19 23:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-03-19 23:41 . 2008-03-19 23:42 <DIR> d-------- C:\Programme\Apple Software Update
2008-03-19 23:41 . 2008-03-19 23:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-03-19 02:17 . 2008-04-14 18:08 4,496,298 --a------ C:\WINDOWS\system32\scvhost

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 17:26 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-14 01:06 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\uTorrent
2008-04-13 05:33 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-04-10 15:21 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org2
2008-04-09 19:13 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-04-09 18:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-04-09 18:43 --------- d-----w C:\Programme\Wecker 2.2
2008-04-09 18:42 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
2008-04-09 14:21 --------- d-----w C:\Programme\jose
2008-04-09 14:18 --------- d-----w C:\Programme\Säubern
2008-04-09 14:18 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-09 14:12 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-03-26 03:19 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-26 02:36 --------- d-----w C:\Programme\TrueDownloader
2008-03-24 21:16 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 21:51 --------- d-----w C:\Programme\DivX
2008-03-19 21:42 --------- d-----w C:\Programme\QuickTime
2008-03-11 22:23 --------- d-----w C:\Programme\ICQ6
2008-03-02 08:48 --------- d-----w C:\Programme\AbiSuite2
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-25 15:22 --------- d-----w C:\Programme\Opera
2008-02-25 03:42 --------- d-----w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Imperium Romanum
2008-02-24 20:51 --------- d-----w C:\Programme\ProtectDisc Driver Installer
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 17:21 --------- d-----w C:\Programme\Ulead GIF Animator Lite Edition
2008-02-05 11:53 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-05 11:50 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-02 17:32 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-02-02 17:32 22,328 ----a-w C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PnkBstrK.sys
2008-01-23 21:22 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-07-22 09:22 1,549,321 --sha-w C:\WINDOWS\system32\eqclkbrt.ini2
2007-08-02 12:31 179,423 --sha-w C:\WINDOWS\system32\mpkmwkyw.ini2
2007-08-04 13:37 1,204,740 --sha-w C:\WINDOWS\system32\qykhlldx.ini2
2007-07-27 11:42 322 --sha-w C:\WINDOWS\system32\uvvwa.ini2
2007-08-04 13:34 749,998 --sha-w C:\WINDOWS\system32\wybeg.bak1
2007-08-05 16:30 756,134 --sha-w C:\WINDOWS\system32\wybeg.bak2
2007-08-05 18:22 763,999 --sh--w C:\WINDOWS\system32\wybeg.ini2
2007-08-05 16:34 1,204,800 --sha-w C:\WINDOWS\system32\xupbdfol.ini2
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"SpybotSD TeaTimer"="C:\Programme\Säubern\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"DAEMON Tools Lite"="C:\Programme\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Programme\Analog Devices\Core\smax4pnp.exe" [2005-05-18 10:00 925696]
"SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 09:54 716800]
"zBrowser Launcher"="C:\Programme\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SDTray"="C:\Programme\Säubern\Spyware Doctor\SDTrayApp.exe" [2007-12-10 00:11 1065800]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-16 07:43 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Dokumente und Einstellungen\Besitzer\Startmen

von **Nikita** am 17.04.2008, 11:57

Hallo,

1.
Virustotal http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\scvhost
C:\WINDOWS\system32\scvhost.exe

Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren

-----------------------------------------------------------------

2.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern

Bild

KILLALL::

Driver::
Kwari.xLoader
cusbohcn
acedrv11

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0A203CC0-8E36-776B-0202-030806040504}]

File::
C:\WINDOWS\system32\eqclkbrt.ini2
C:\WINDOWS\system32\mpkmwkyw.ini2
C:\WINDOWS\system32\qykhlldx.ini2
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\xupbdfol.ini2
C:\WINDOWS\system32\scvhost
C:\WINDOWS\system32\scvhost.exe
C:\WINDOWS\system32\drivers\ACEDRV11.sys
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\cusbohcn.sys

Folder::
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Micro Forte

Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden.

cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen

Bild

danach: Combofix noch einmal anwenden

PC neustarten

-------------------------------------------------------------------
3.
scanne mit sdfix (muss im abgesicherten Modus sein) + poste hier den Report
http://virus-protect.org/artikel/tools/sdfix.html

von **DirEnGrey18** am 17.04.2008, 13:35

ok

1. Virustotal:
Hab da n bisken mist gebaut, hab da "C:\WINDOWS\system32\scvhost " hochgeladen und scannen lassen, allerdings das ergebnis nicht abgespeichert...wenn ich das jetz nochma versuche da hochzuladen, kommt immer diese fehlermeldung:

0 bytes size received / Se ha recibido un archivo vacio

allerdings hat keine der antivirus-hersteller (bzw.programme?!) etwas verdächtiges gefunden.

2.Combofix:
vorweg:
mir is ein eintrag aufgefallen, ich hab ihn ma rot markiert. Es handelt sich dabei um das Spiel "Call of Duty", komischerweise konnte ich dieses Spiel in letzter zeit nicht spielen, da es sich ständig minimiert hat (wenn ichs wieder maximiert hab, wars nach 2 sekunden wieder minimiert). Vielleicht sagt dir das ja irgendwas...
falls ich dich richtig verstanden hab, musste ich 2 mal combofix laufen lassen, hier die Logfiles:
[quote]ComboFix 08-04-15.8 - Besitzer 2008-04-17 12:42:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.2622 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Besitzer\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Besitzer\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\cusbohcn.sys
C:\WINDOWS\system32\drivers\ACEDRV11.sys
C:\WINDOWS\system32\eqclkbrt.ini2
C:\WINDOWS\system32\mpkmwkyw.ini2
C:\WINDOWS\system32\qykhlldx.ini2
C:\WINDOWS\system32\scvhost
C:\WINDOWS\system32\scvhost.exe
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\xupbdfol.ini2
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Micro Forte
C:\WINDOWS\system32\drivers\ACEDRV11.sys
C:\WINDOWS\system32\eqclkbrt.ini2
C:\WINDOWS\system32\mpkmwkyw.ini2
C:\WINDOWS\system32\qykhlldx.ini2
C:\WINDOWS\system32\scvhost
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\xupbdfol.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACEDRV11
-------\Legacy_CUSBOHCN
-------\Legacy_KWARI.XLOADER
-------\Service_acedrv11
-------\Service_cusbohcn
-------\Service_Kwari.xLoader

((((((((((((((((((((((( Dateien erstellt von 2008-03-17 bis 2008-04-17 ))))))))))))))))))))))))))))))
.

2008-04-15 18:36 . 2007-05-07 09:36 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator.USER-04EF3A696E\Vorlagen
2008-04-15 18:36 . 2007-05-07 10:31 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator.USER-04EF3A696E\Startmen

von **DirEnGrey18** am 17.04.2008, 13:40

glaub der beitrag eben wurd gekürzt, wa noch nich alles...
der teil gehört noch zu dem log von sdfix:

27 Mar 2008 5:06:40 13.952 A.... "C:\Programme\Mozilla Firefox\AccessibleMarshal.dll"
27 Mar 2008 5:06:42 7.660.656 A.... "C:\Programme\Mozilla Firefox\firefox.exe"
27 Mar 2008 5:06:42 200.829 A.... "C:\Programme\Mozilla Firefox\freebl3.dll"
27 Mar 2008 5:06:44 458.856 A.... "C:\Programme\Mozilla Firefox\js3250.dll"
27 Mar 2008 5:06:44 161.392 A.... "C:\Programme\Mozilla Firefox\nspr4.dll"
27 Mar 2008 5:06:44 378.472 A.... "C:\Programme\Mozilla Firefox\nss3.dll"
27 Mar 2008 5:06:44 276.080 A.... "C:\Programme\Mozilla Firefox\nssckbi.dll"
27 Mar 2008 5:06:44 34.424 A.... "C:\Programme\Mozilla Firefox\plc4.dll"
27 Mar 2008 5:06:44 30.320 A.... "C:\Programme\Mozilla Firefox\plds4.dll"
27 Mar 2008 5:06:46 112.232 A.... "C:\Programme\Mozilla Firefox\smime3.dll"
27 Mar 2008 5:06:46 254.060 A.... "C:\Programme\Mozilla Firefox\softokn3.dll"
27 Mar 2008 5:06:46 132.712 A.... "C:\Programme\Mozilla Firefox\ssl3.dll"
27 Mar 2008 5:06:46 132.232 A.... "C:\Programme\Mozilla Firefox\updater.exe"
27 Mar 2008 5:06:46 13.416 A.... "C:\Programme\Mozilla Firefox\xpcom.dll"
27 Mar 2008 5:06:46 73.848 A.... "C:\Programme\Mozilla Firefox\xpcom_compat.dll"
27 Mar 2008 5:06:46 422.000 A.... "C:\Programme\Mozilla Firefox\xpcom_core.dll"
27 Mar 2008 5:06:46 73.336 A.... "C:\Programme\Mozilla Firefox\xpicleanup.exe"
27 Mar 2008 5:06:46 12.400 A.... "C:\Programme\Mozilla Firefox\xpistub.dll"
22 Mar 2008 1:17:32 252 A.... "C:\Programme\PogoSticker\besttimes.dat"
19 Mar 2008 2:42:56 8 A.... "C:\Programme\PogoSticker\options.dat"
18 Mar 2008 21:48:38 491 A.... "C:\Programme\Porrasturvat - Stair Dismount\scores.dat"
24 Feb 2008 22:51:40 94.469 A.... "C:\Programme\ProtectDisc Driver Installer\uninstall_v11.exe"
18 Mar 2008 2:45:16 808 A.... "C:\Programme\Truck Dismount\scores.dat"
29 Feb 2008 9:58:10 58.112 A.... "C:\Programme\TuneUp Utilities 2008\access.exe"
27 Feb 2008 13:15:10 19.200 A.... "C:\Programme\TuneUp Utilities 2008\authuitu-x64.dll"
27 Feb 2008 13:15:10 16.640 A.... "C:\Programme\TuneUp Utilities 2008\authuitu-x86.dll"
29 Feb 2008 9:58:04 276.224 A.... "C:\Programme\TuneUp Utilities 2008\DiskDoctor.exe"
29 Feb 2008 9:58:04 456.960 A.... "C:\Programme\TuneUp Utilities 2008\DiskExplorer.exe"
29 Feb 2008 9:58:10 274.688 A.... "C:\Programme\TuneUp Utilities 2008\DriveDefrag.exe"
29 Feb 2008 9:58:04 591.104 A.... "C:\Programme\TuneUp Utilities 2008\Integrator.exe"
29 Feb 2008 9:58:06 197.888 A.... "C:\Programme\TuneUp Utilities 2008\MemOptimizer.exe"
29 Feb 2008 9:58:12 350.976 A.... "C:\Programme\TuneUp Utilities 2008\OneClick.exe"
29 Feb 2008 9:58:12 31.488 A.... "C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe"
29 Feb 2008 9:58:06 15.104 A.... "C:\Programme\TuneUp Utilities 2008\PMLauncher.exe"
29 Feb 2008 9:58:06 429.824 A.... "C:\Programme\TuneUp Utilities 2008\ProcessManager.exe"
9 Apr 2008 20:34:36 372.472 A.... "C:\Programme\TuneUp Utilities 2008\ProductInfo.dat"
29 Feb 2008 9:58:06 364.288 A.... "C:\Programme\TuneUp Utilities 2008\RegistryEditor.exe"
29 Feb 2008 9:58:06 571.136 A.... "C:\Programme\TuneUp Utilities 2008\RegistryCleaner.exe"
29 Feb 2008 9:58:06 219.392 A.... "C:\Programme\TuneUp Utilities 2008\RegistryDefrag.exe"
29 Feb 2008 9:58:10 16.640 A.... "C:\Programme\TuneUp Utilities 2008\RegistryDefragHelper.exe"
29 Feb 2008 9:58:12 179.968 A.... "C:\Programme\TuneUp Utilities 2008\RepairWizard.exe"
29 Feb 2008 9:58:06 202.496 A.... "C:\Programme\TuneUp Utilities 2008\RescueCenter.exe"
29 Feb 2008 9:58:08 204.544 A.... "C:\Programme\TuneUp Utilities 2008\Shredder.exe"
29 Feb 2008 9:58:10 35.072 A.... "C:\Programme\TuneUp Utilities 2008\SilentUpdater.exe"
29 Feb 2008 9:58:08 297.216 A.... "C:\Programme\TuneUp Utilities 2008\StartUpManager.exe"
29 Feb 2008 9:58:08 421.120 A.... "C:\Programme\TuneUp Utilities 2008\SystemInformation.exe"
29 Feb 2008 9:58:08 397.056 A.... "C:\Programme\TuneUp Utilities 2008\SystemOptimizer.exe"
29 Feb 2008 9:58:08 130.816 A.... "C:\Programme\TuneUp Utilities 2008\SystemControl.exe"
29 Feb 2008 9:58:10 15.104 A.... "C:\Programme\TuneUp Utilities 2008\TUMessages.exe"
9 Apr 2008 20:35:04 476 A.... "C:\Programme\TuneUp Utilities 2008\TUProduct.dat"
29 Feb 2008 9:58:08 235.776 A.... "C:\Programme\TuneUp Utilities 2008\Undelete.exe"
29 Feb 2008 9:58:08 183.040 A.... "C:\Programme\TuneUp Utilities 2008\UninstallManager.exe"
29 Feb 2008 9:58:08 207.616 A.... "C:\Programme\TuneUp Utilities 2008\UpdateWizard.exe"
27 Feb 2008 13:15:14 28.416 A.... "C:\Programme\TuneUp Utilities 2008\uxtuneup-x86.dll"
27 Feb 2008 13:15:14 35.072 A.... "C:\Programme\TuneUp Utilities 2008\uxtuneup-x64.dll"
29 Feb 2008 9:58:10 933.120 A.... "C:\Programme\TuneUp Utilities 2008\WinStyler.exe"
16 Apr 2008 7:43:26 1.030 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\about.htm"
16 Apr 2008 7:43:26 168.311 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aecore.dll"
16 Apr 2008 7:43:26 430.450 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeemu.dll"
16 Apr 2008 7:43:26 299.379 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aegen.dll"
16 Apr 2008 7:43:26 115.063 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aehelp.dll"
16 Apr 2008 7:43:26 1.167.735 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeheur.dll"
16 Apr 2008 7:43:26 192.891 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeoffice.dll"
16 Apr 2008 7:43:26 364.918 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aepack.dll"
16 Apr 2008 7:43:26 418.164 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aerdl.dll"
16 Apr 2008 7:43:26 115.061 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aescn.dll"
16 Apr 2008 7:43:26 233.851 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aescript.dll"
16 Apr 2008 7:43:26 2.046 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeset.dat"
16 Apr 2008 7:43:26 102.772 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aevdf.dll"
16 Apr 2008 7:43:24 307.457 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avarkt.dll"
16 Apr 2008 7:43:24 360.705 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avcenter.exe"
16 Apr 2008 7:43:24 9.985 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avconfig.dll"
16 Apr 2008 7:43:24 241.921 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avconfig.exe"
16 Apr 2008 7:43:24 114.945 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avevtlog.dll"
13 Apr 2008 7:36:00 3.461.632 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avewin32.dll"
16 Apr 2008 7:43:26 122.113 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.dll"
16 Apr 2008 7:43:26 262.401 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe"
16 Apr 2008 7:43:26 49.472 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys"
16 Apr 2008 7:43:26 147.201 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"
16 Apr 2008 7:43:22 10.497 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avinet.dll"
16 Apr 2008 7:43:26 73.985 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avipc.dll"
16 Apr 2008 7:43:26 8.449 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avnotify.dll"
16 Apr 2008 7:43:26 184.577 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avnotify.exe"
9 Apr 2008 20:50:00 360.488 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avpack32.dll"
16 Apr 2008 7:43:26 25.857 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avpref.dll"
16 Apr 2008 7:43:26 30.977 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avreg.dll"
16 Apr 2008 7:43:26 57.601 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avscan.dll"
16 Apr 2008 7:43:26 311.553 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avscan.exe"
16 Apr 2008 7:43:26 14.593 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avwinll.dll"
16 Apr 2008 7:43:26 208.592 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avwsc.exe"
16 Apr 2008 7:43:26 16.479 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\build.dat"
16 Apr 2008 7:43:26 151.809 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccev.dll"
16 Apr 2008 7:43:26 13.569 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccevrc.dll"
16 Apr 2008 7:43:26 270.593 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccgen.dll"
16 Apr 2008 7:43:26 18.689 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccgenrc.dll"
16 Apr 2008 7:43:26 21.249 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccgrdrc.dll"
16 Apr 2008 7:43:26 217.345 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccguard.dll"
16 Apr 2008 7:43:26 160.001 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\cclib.dll"
16 Apr 2008 7:43:26 61.697 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\cclic.dll"
16 Apr 2008 7:43:26 5.889 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\cclicrc.dll"
16 Apr 2008 7:43:26 22.273 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccmainrc.dll"
16 Apr 2008 7:43:26 155.905 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccmsg.dll"
16 Apr 2008 7:43:26 262.401 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccprofil.dll"
16 Apr 2008 7:43:26 217.345 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccquamgr.dll"
16 Apr 2008 7:43:26 16.641 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccquarc.dll"
16 Apr 2008 7:43:26 12.545 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccreporc.dll"
16 Apr 2008 7:43:26 131.329 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccreport.dll"
16 Apr 2008 7:43:26 23.809 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccscanrc.dll"
16 Apr 2008 7:43:26 151.809 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccsched.dll"
16 Apr 2008 7:43:26 20.225 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccscherc.dll"
16 Apr 2008 7:43:26 246.017 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\cctpc.dll"
16 Apr 2008 7:43:26 114.945 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccupdate.dll"
16 Apr 2008 7:43:26 13.057 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\ccupdrc.dll"
16 Apr 2008 7:43:26 11.009 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\guardevt.dll"
16 Apr 2008 7:43:26 53.505 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\guardgui.exe"
16 Apr 2008 7:43:26 54.017 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\guardmsg.dll"
16 Apr 2008 7:43:26 11.009 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\licmgr.dll"
16 Apr 2008 7:43:26 123.137 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\licmgr.exe"
16 Apr 2008 7:43:26 151.809 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\luke.dll"
16 Apr 2008 7:43:26 12.545 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\lukeres.dll"
16 Apr 2008 7:43:26 258.305 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\mgrs.dll"
16 Apr 2008 7:43:26 13.569 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\msgclient.dll"
16 Apr 2008 7:43:26 7.937 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\netnt.dll"
16 Apr 2008 7:43:26 94.465 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\preupd.exe"
16 Apr 2008 7:43:26 538 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\prodinfo.dat"
16 Apr 2008 7:43:26 65.793 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\rchelp.dll"
16 Apr 2008 7:43:22 2.371.841 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\rcimage.dll"
16 Apr 2008 7:43:22 86.273 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\rctext.dll"
16 Apr 2008 7:43:22 102.400 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\scewxml.dll"
16 Apr 2008 7:43:26 68.865 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"
16 Apr 2008 7:43:26 8.449 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\schedr.dll"
16 Apr 2008 7:43:26 78.081 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\setup.dll"
16 Apr 2008 7:43:26 626.945 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\setup.exe"
16 Apr 2008 7:43:26 69.889 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll"
16 Apr 2008 7:43:26 28.929 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\smtplib.dll"
16 Apr 2008 7:43:26 339.968 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\sqlite3.dll"
16 Apr 2008 7:43:26 47.466 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\sweb.zip"
16 Apr 2008 7:43:22 442.625 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\update.exe"
16 Apr 2008 7:43:22 147.713 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\updgui.dll"
16 Apr 2008 7:43:22 11.009 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\updguirc.dll"
16 Apr 2008 7:43:22 459.009 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\updlib.dll"
16 Apr 2008 7:43:22 26.881 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\updlibrc.dll"
16 Apr 2008 7:43:26 57.601 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\wksstats.dll"
14 Mar 2008 13:55:34 59.904 A.... "C:\Programme\DAEMON Tools Lite\Lang\ARA.dll"
14 Mar 2008 13:55:34 32.768 A.... "C:\Programme\DAEMON Tools Lite\Lang\CHS.dll"
14 Mar 2008 13:55:34 27.648 A.... "C:\Programme\DAEMON Tools Lite\Lang\CHT.dll"
14 Mar 2008 13:55:34 68.608 A.... "C:\Programme\DAEMON Tools Lite\Lang\CSY.dll"
14 Mar 2008 13:55:36 71.680 A.... "C:\Programme\DAEMON Tools Lite\Lang\DAN.dll"
14 Mar 2008 13:55:32 82.944 A.... "C:\Programme\DAEMON Tools Lite\Lang\DEU.dll"
14 Mar 2008 13:55:32 68.608 A.... "C:\Programme\DAEMON Tools Lite\Lang\ENU.dll"
14 Mar 2008 13:55:34 83.456 A.... "C:\Programme\DAEMON Tools Lite\Lang\ESN.dll"
14 Mar 2008 13:55:34 86.528 A.... "C:\Programme\DAEMON Tools Lite\Lang\FRA.dll"
14 Mar 2008 13:55:34 50.176 A.... "C:\Programme\DAEMON Tools Lite\Lang\HEB.dll"
14 Mar 2008 13:55:34 72.192 A.... "C:\Programme\DAEMON Tools Lite\Lang\HRV.dll"
14 Mar 2008 13:55:34 59.904 A.... "C:\Programme\DAEMON Tools Lite\Lang\HUN.dll"
14 Mar 2008 13:55:34 80.896 A.... "C:\Programme\DAEMON Tools Lite\Lang\ITA.dll"
14 Mar 2008 13:55:34 45.056 A.... "C:\Programme\DAEMON Tools Lite\Lang\JPN.dll"
14 Mar 2008 13:55:36 39.424 A.... "C:\Programme\DAEMON Tools Lite\Lang\KOR.dll"
14 Mar 2008 13:55:34 79.360 A.... "C:\Programme\DAEMON Tools Lite\Lang\LTH.dll"
14 Mar 2008 13:55:36 74.752 A.... "C:\Programme\DAEMON Tools Lite\Lang\NLB.dll"
14 Mar 2008 13:55:34 76.800 A.... "C:\Programme\DAEMON Tools Lite\Lang\NOR.dll"
14 Mar 2008 13:55:34 65.024 A.... "C:\Programme\DAEMON Tools Lite\Lang\PLK.dll"
14 Mar 2008 13:55:34 59.904 A.... "C:\Programme\DAEMON Tools Lite\Lang\PTB.dll"
14 Mar 2008 13:55:36 77.824 A.... "C:\Programme\DAEMON Tools Lite\Lang\ROM.dll"
14 Mar 2008 13:55:32 65.024 A.... "C:\Programme\DAEMON Tools Lite\Lang\RUS.dll"
14 Mar 2008 13:55:34 70.144 A.... "C:\Programme\DAEMON Tools Lite\Lang\SKY.dll"
14 Mar 2008 13:55:34 71.680 A.... "C:\Programme\DAEMON Tools Lite\Lang\SLV.dll"
14 Mar 2008 13:55:36 60.928 A.... "C:\Programme\DAEMON Tools Lite\Lang\SRL.dll"
14 Mar 2008 13:55:34 69.120 A.... "C:\Programme\DAEMON Tools Lite\Lang\SVE.dll"
14 Mar 2008 13:55:34 79.872 A.... "C:\Programme\DAEMON Tools Lite\Lang\UKR.dll"
21 Feb 2008 4:03:44 1.933.312 A.... "C:\Programme\DivX\DivX Content Uploader\ContentUploadCheck.dll"
21 Feb 2008 4:03:44 845.824 A.... "C:\Programme\DivX\DivX Content Uploader\libxml2.dll"
21 Feb 2008 4:03:44 1.359.872 A.... "C:\Programme\DivX\DivX Content Uploader\npUpload.dll"
21 Feb 2008 4:03:24 69.632 A.... "C:\Programme\DivX\DivX Codec\config.exe"
21 Feb 2008 4:04:48 341.504 A.... "C:\Programme\DivX\DivX Codec\DivX EKG.exe"
21 Feb 2008 4:04:48 270.336 A.... "C:\Programme\DivX\DivX Codec\DivXDRA1031.dll"
21 Feb 2008 4:04:48 262.144 A.... "C:\Programme\DivX\DivX Codec\DivXDRA1033.dll"
21 Feb 2008 4:04:48 270.336 A.... "C:\Programme\DivX\DivX Codec\DivXDRA1036.dll"
21 Feb 2008 4:04:48 237.568 A.... "C:\Programme\DivX\DivX Codec\DivXDRA1041.dll"
21 Feb 2008 4:03:50 1.355.776 A.... "C:\Programme\DivX\DivX Converter\Converter.exe"
21 Feb 2008 4:03:50 61.440 A.... "C:\Programme\DivX\DivX Converter\dpil100.dll"
21 Feb 2008 4:03:50 892.928 A.... "C:\Programme\DivX\DivX Converter\DSConverter1031.dll"
21 Feb 2008 4:03:50 884.736 A.... "C:\Programme\DivX\DivX Converter\DSConverter1041.dll"
21 Feb 2008 4:03:50 892.928 A.... "C:\Programme\DivX\DivX Converter\DSConverter1036.dll"
21 Feb 2008 4:03:50 892.928 A.... "C:\Programme\DivX\DivX Converter\DSConverter1034.dll"
21 Feb 2008 4:03:50 888.832 A.... "C:\Programme\DivX\DivX Converter\DSConverter1033.dll"
21 Feb 2008 4:03:50 278.528 A.... "C:\Programme\DivX\DivX Converter\dvd2divxsub.dll"
21 Feb 2008 4:03:50 895.488 A.... "C:\Programme\DivX\DivX Converter\libxml2.dll"
21 Feb 2008 4:03:50 122.880 A.... "C:\Programme\DivX\DivX Converter\xdclm.dll"
21 Feb 2008 4:03:50 880.640 A.... "C:\Programme\DivX\DivX Converter\xdsbp.dll"
21 Feb 2008 4:03:50 479.232 A.... "C:\Programme\DivX\DivX Converter\xdsbv.dll"
21 Feb 2008 4:04:30 348.160 A.... "C:\Programme\DivX\DivX Player\DCManager.dll"
21 Feb 2008 4:04:32 1.585.664 A.... "C:\Programme\DivX\DivX Player\DivX Player.exe"
21 Feb 2008 4:04:52 845.824 A.... "C:\Programme\DivX\DivX Player\libxml2.dll"
21 Feb 2008 4:04:32 98.304 A.... "C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll"
21 Feb 2008 4:04:30 1.826.816 A.... "C:\Programme\DivX\DivX Player\PlaybackModule2.dll"
21 Feb 2008 4:05:40 207.608 A.... "C:\Programme\DivX\DivX Player\primosdk.dll"
21 Feb 2008 4:04:00 1.335.600 A.... "C:\Programme\DivX\DivX Web Player\npdivx32.dll"
8 Apr 2008 12:50:20 4.511.048 A.... "C:\Programme\Festplatte\TreeSize Professional\TreeSize.exe"
14 Apr 2008 18:51:18 8.271 A.... "C:\Programme\Festplatte\TreeSize Professional\unins000.dat"
14 Apr 2008 18:50:56 698.053 A.... "C:\Programme\Festplatte\TreeSize Professional\unins000.exe"
12 Mar 2008 0:22:14 535.552 ..... "C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\ISSetup.dll"
12 Mar 2008 0:22:14 372.736 A.... "C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe"
12 Mar 2008 0:22:14 156.616 A.... "C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\_Setup.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Internet Explorer\PLUGINS\npqtplugin5.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Internet Explorer\PLUGINS\npqtplugin6.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Internet Explorer\PLUGINS\npqtplugin7.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll"
15 Apr 2008 18:36:42 146.967 A.... "C:\Programme\Mozilla Firefox\components\compreg.dat"
27 Mar 2008 5:06:40 67.696 A.... "C:\Programme\Mozilla Firefox\components\jar50.dll"
27 Mar 2008 5:06:40 54.376 A.... "C:\Programme\Mozilla Firefox\components\jsd3250.dll"
27 Mar 2008 5:06:40 34.952 A.... "C:\Programme\Mozilla Firefox\components\myspell.dll"
27 Mar 2008 5:06:40 46.720 A.... "C:\Programme\Mozilla Firefox\components\spellchk.dll"
27 Mar 2008 5:06:40 172.144 A.... "C:\Programme\Mozilla Firefox\components\xpinstal.dll"
15 Apr 2008 18:36:42 94.654 A.... "C:\Programme\Mozilla Firefox\components\xpti.dat"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll"
21 Feb 2008 4:04:00 1.335.600 A.... "C:\Programme\Mozilla Firefox\plugins\npdivx32.dll"
21 Feb 2008 4:04:32 98.304 A.... "C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll"
27 Mar 2008 5:06:46 22.664 A.... "C:\Programme\Mozilla Firefox\plugins\npnul32.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll"
27 Mar 2008 5:06:46 451.928 A.... "C:\Programme\Mozilla Firefox\uninstall\helper.exe"
9 Apr 2008 20:34:36 372.472 A.... "C:\Programme\TuneUp Utilities 2008\Data\ProductInfo.dat"
29 Feb 2008 10:00:56 4.616 A.... "C:\Programme\TuneUp Utilities 2008\Data\TUDiskCleaner.dat"
16 Apr 2008 7:43:26 168.311 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aecore.dll"
16 Apr 2008 7:43:26 430.450 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeemu.dll"
16 Apr 2008 7:43:26 299.379 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aegen.dll"
16 Apr 2008 7:43:26 115.063 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aehelp.dll"
16 Apr 2008 7:43:26 1.167.735 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeheur.dll"
16 Apr 2008 7:43:26 192.891 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeoffice.dll"
16 Apr 2008 7:43:26 364.918 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aepack.dll"
16 Apr 2008 7:43:26 418.164 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aerdl.dll"
16 Apr 2008 7:43:26 115.061 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aescn.dll"
16 Apr 2008 7:43:26 233.851 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aescript.dll"
16 Apr 2008 7:43:26 2.046 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeset.dat"
16 Apr 2008 7:43:26 102.772 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aevdf.dll"
21 Feb 2008 4:04:56 96.256 A.... "C:\Programme\DivX\DivX Converter\Microsoft.VC80.ATL\atl80.dll"
21 Feb 2008 4:04:58 479.232 A.... "C:\Programme\DivX\DivX Converter\Microsoft.VC80.CRT\msvcm80.dll"
21 Feb 2008 4:04:58 548.864 A.... "C:\Programme\DivX\DivX Converter\Microsoft.VC80.CRT\msvcp80.dll"
21 Feb 2008 4:04:58 626.688 A.... "C:\Programme\DivX\DivX Converter\Microsoft.VC80.CRT\msvcr80.dll"
21 Feb 2008 4:04:58 1.101.824 A.... "C:\Programme\DivX\DivX Converter\Microsoft.VC80.MFC\mfc80.dll"
21 Feb 2008 4:04:58 1.093.120 A.... "C:\Programme\DivX\DivX Converter\Microsoft.VC80.MFC\mfc80u.dll"
21 Feb 2008 4:04:58 69.632 A.... "C:\Programme\DivX\DivX Converter\Microsoft.VC80.MFC\mfcm80.dll"
21 Feb 2008 4:04:58 57.856 A.... "C:\Programme\DivX\DivX Converter\Microsoft.VC80.MFC\mfcm80u.dll"
21 Feb 2008 4:04:56 96.256 A.... "C:\Programme\DivX\DivX Common Filters\Microsoft.VC80.ATL\atl80.dll"
21 Feb 2008 4:04:58 479.232 A.... "C:\Programme\DivX\DivX Common Filters\Microsoft.VC80.CRT\msvcm80.dll"
21 Feb 2008 4:04:58 548.864 A.... "C:\Programme\DivX\DivX Common Filters\Microsoft.VC80.CRT\msvcp80.dll"
21 Feb 2008 4:04:58 626.688 A.... "C:\Programme\DivX\DivX Common Filters\Microsoft.VC80.CRT\msvcr80.dll"
21 Feb 2008 4:04:58 479.232 A.... "C:\Programme\DivX\DivX Player\Microsoft.VC80.CRT\msvcm80.dll"
21 Feb 2008 4:04:58 548.864 A.... "C:\Programme\DivX\DivX Player\Microsoft.VC80.CRT\msvcp80.dll"
21 Feb 2008 4:04:58 626.688 A.... "C:\Programme\DivX\DivX Player\Microsoft.VC80.CRT\msvcr80.dll"
21 Feb 2008 4:04:58 1.101.824 A.... "C:\Programme\DivX\DivX Player\Microsoft.VC80.MFC\mfc80.dll"
21 Feb 2008 4:04:58 1.093.120 A.... "C:\Programme\DivX\DivX Player\Microsoft.VC80.MFC\mfc80u.dll"
21 Feb 2008 4:04:58 69.632 A.... "C:\Programme\DivX\DivX Player\Microsoft.VC80.MFC\mfcm80.dll"
21 Feb 2008 4:04:58 57.856 A.... "C:\Programme\DivX\DivX Player\Microsoft.VC80.MFC\mfcm80u.dll"
21 Feb 2008 4:04:58 479.232 A.... "C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\msvcm80.dll"
21 Feb 2008 4:04:58 548.864 A.... "C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\msvcp80.dll"
21 Feb 2008 4:04:58 626.688 A.... "C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\msvcr80.dll"
17 Mar 2008 17:10:50 5.524.448 A.... "C:\Programme\Festplatte\ASCOMP Software\BackUp Maker\bkmaker.exe"
14 Apr 2008 18:50:46 7.380 A.... "C:\Programme\Festplatte\ASCOMP Software\BackUp Maker\unins000.dat"
14 Apr 2008 18:50:26 684.476 A.... "C:\Programme\Festplatte\ASCOMP Software\BackUp Maker\unins000.exe"
21 Feb 2008 4:04:58 479.232 A.... "C:\Programme\Mozilla Firefox\plugins\Microsoft.VC80.CRT\msvcm80.dll"
21 Feb 2008 4:04:58 548.864 A.... "C:\Programme\Mozilla Firefox\plugins\Microsoft.VC80.CRT\msvcp80.dll"
21 Feb 2008 4:04:58 626.688 A.... "C:\Programme\Mozilla Firefox\plugins\Microsoft.VC80.CRT\msvcr80.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Opera\program\plugins\npqtplugin5.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Opera\program\plugins\npqtplugin6.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Opera\program\plugins\npqtplugin7.dll"
21 Feb 2008 4:04:00 1.335.600 A.... "C:\Programme\Opera\program\plugins\npdivx32.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Opera\program\plugins\npqtplugin.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Opera\program\plugins\npqtplugin2.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Opera\program\plugins\npqtplugin3.dll"
19 Mar 2008 23:43:00 143.360 A.... "C:\Programme\Opera\program\plugins\npqtplugin4.dll"
24 Dec 2008 19:23:20 121.344 A.... "C:\Programme\S„ubern\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll"
1 Mar 2008 21:38:28 1.949.696 A.... "C:\Programme\ICQ6\services\boxelyRenderer\VER2_5_5_1\boxelyrenderer.dll"
21 Feb 2008 4:04:58 479.232 A.... "C:\Programme\Opera\program\plugins\Microsoft.VC80.CRT\msvcm80.dll"
21 Feb 2008 4:04:58 548.864 A.... "C:\Programme\Opera\program\plugins\Microsoft.VC80.CRT\msvcp80.dll"
21 Feb 2008 4:04:58 626.688 A.... "C:\Programme\Opera\program\plugins\Microsoft.VC80.CRT\msvcr80.dll"
24 Mar 2008 23:20:38 4.536 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\avatar\avatars4.html"
24 Mar 2008 23:20:40 94.764 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\avatar\avatars_galerry4.html"
24 Mar 2008 23:20:38 1.436 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\avatar\connect.htm"
24 Mar 2008 23:13:04 833 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\coreg\index.html"
24 Mar 2008 23:13:04 444 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\coreg\preload.html"
24 Mar 2008 16:11:26 4.475 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\game_center\index.html"
24 Mar 2008 16:11:26 593 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\game_center\lobby_banner.html"
24 Mar 2008 23:20:46 1.759 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\photo_cropper\connect_local.htm"
24 Mar 2008 23:20:46 1.460 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\photo_cropper\index2.html"
24 Mar 2008 23:20:46 20.241 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\photo_cropper\photo_editor2.html"
6 Apr 2008 22:14:12 36.883 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\zlango\content.zip"
12 Mar 2008 0:23:02 4.611 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\avatar\avatar.zip"
12 Mar 2008 0:23:02 4.137 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\babylon_feed\flower.zip"
12 Mar 2008 0:23:02 5.704 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\backgammon\backgammon.zip"
12 Mar 2008 0:23:02 16.115 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\bob\bob.zip"
12 Mar 2008 0:23:02 5.865 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\checkers\checkers.zip"
12 Mar 2008 0:23:04 5.170 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\comming_up\comming_up.zip"
12 Mar 2008 0:23:04 4.137 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\coreg\flower.zip"
12 Mar 2008 0:23:04 4.162 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\darts\darts.zip"
12 Mar 2008 0:23:04 14.036 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\funky_neighbours\funky_neighbours.zip"
12 Mar 2008 0:23:04 15.722 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\game_center\games_center.zip"
12 Mar 2008 0:23:08 576.181 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\game_center\xtratranspdlg2.zip"
12 Mar 2008 0:23:04 4.137 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\icq5_notification\flower.zip"
12 Mar 2008 0:23:04 11.253 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\icq_card\icq_card.zip"
12 Mar 2008 0:23:04 3.219 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\icq_dialer\icq_dialer.zip"
12 Mar 2008 0:23:04 3.152 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\icq_sounds\sounds.zip"
12 Mar 2008 0:23:04 8.374 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\icq_welcome\welcome.zip"
12 Mar 2008 0:23:06 15.722 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\mini_game_center\games_center.zip"
12 Mar 2008 0:23:06 43.710 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\mini_game_center\images.zip"
12 Mar 2008 0:23:04 4.539 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\odd_cast_vhost\oddcast.zip"
12 Mar 2008 0:23:06 1.466 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\p7de_cinema\p7_cinema.zip"
12 Mar 2008 0:23:06 4.172 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\p7de_mobileshop\mobile_shop.zip"
12 Mar 2008 0:23:04 2.988 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\p7de_n24news\n24.zip"
12 Mar 2008 0:23:04 4.325 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\p7de_planet\planet_popstars.zip"
12 Mar 2008 0:23:04 3.504 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\p7de_playground\p7_playground.zip"
12 Mar 2008 0:23:04 2.668 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\p7de_shirtstudio\shirtstudio.zip"
12 Mar 2008 0:23:04 5.106 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\p7de_topmodel\p7_topModel.zip"
12 Mar 2008 0:23:04 2.364 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\p7_billing\p7_billing.zip"
12 Mar 2008 0:23:06 4.830 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\pccw_billing\pccw_billing.zip"
12 Mar 2008 0:23:06 5.647 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\pccw_pay_gmib\pccw_pay_gmib.zip"
12 Mar 2008 0:23:04 5.145 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\photo_cropper\photo.zip"
12 Mar 2008 0:23:04 5.194 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\poker\poker.zip"
12 Mar 2008 0:23:04 6.187 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\pool\pool.zip"
12 Mar 2008 0:23:04 5.389 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\rps\rps.zip"
12 Mar 2008 0:23:04 5.078 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\s1de_auto\auto.zip"
24 Mar 2008 16:11:28 2.551 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\s1de_connect4\connectfour.zip"
12 Mar 2008 0:23:04 4.499 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\s1de_horoscope\horoskope.zip"
12 Mar 2008 0:23:04 4.718 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\s1de_soccer\soccer.zip"
12 Mar 2008 0:23:04 1.212 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\s1de_sudoku\sudoku.zip"
12 Mar 2008 0:23:04 4.984 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\slide-a-lama\slide-a-lama.zip"
12 Mar 2008 0:23:04 5.357 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\sms_activation\sms_activation.zip"
12 Mar 2008 0:23:06 16.352 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\teddy\teddy.zip"
12 Mar 2008 0:23:06 17.935 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\teddy2\teddy2.zip"
12 Mar 2008 0:23:04 4.706 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\warsheep\warsheep.zip"
12 Mar 2008 0:23:06 14.352 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\word_puzzle\word_puzzle.zip"
12 Mar 2008 0:23:06 9.696 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\xicq_admirer_matchx\admirer.zip"
12 Mar 2008 0:23:06 9.696 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\xicq_admirer_top5x\admirer.zip"
12 Mar 2008 0:23:06 9.696 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\xicq_admirerx\admirer.zip"
6 Apr 2008 22:14:10 27.586 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\zlango\images.zip"
12 Mar 2008 0:23:06 6.123 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\zlango\zlango1.zip"
12 Mar 2008 0:23:06 4.922 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\zoopaloola\zoopaloola.zip"
13 Mar 2008 18:26:04 14.808.064 A.... "C:\Programme\QIP\Users\339563676\RcvdFiles\350596124_Woelk\TuneUp 2008 Final\TU2008DE.exe"

Files with hidden attributes:

Fri 29 Feb 2008 625,664 ..SH. --- "C:\Programme\Internet Explorer\iexplore.exe"
Wed 4 Aug 2004 4,639 ..SH. --- "C:\Programme\Windows Media Player\mplayer2.exe"
Mon 27 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Tue 10 Dec 2002 102,437 A..HR --- "C:\Program Files\Replay Converter\drv13260.dll"
Tue 10 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
Tue 10 Dec 2002 208,935 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
Tue 10 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\Replay Converter\dspr3260.dll"
Sun 4 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\Replay Converter\rnco3260.dll"
Tue 10 Dec 2002 245,805 A..HR --- "C:\Program Files\Replay Converter\rnlt3260.dll"
Tue 10 Dec 2002 45,093 A..HR --- "C:\Program Files\Replay Converter\rv103260.dll"
Tue 10 Dec 2002 98,341 A..HR --- "C:\Program Files\Replay Converter\rv203260.dll"
Tue 10 Dec 2002 94,247 A..HR --- "C:\Program Files\Replay Converter\rv303260.dll"
Tue 10 Dec 2002 90,151 A..HR --- "C:\Program Files\Replay Converter\rv403260.dll"
Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\Replay Converter\tokr3260.dll"
Fri 9 Mar 2007 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Tue 24 Jul 2007 1,689,851 A.SH. --- "C:\WINDOWS\system32\hdjsgcdl.tmp"
Fri 3 Aug 2007 295 A.SH. --- "C:\WINDOWS\system32\icpfmerr.tmp"
Thu 2 Aug 2007 161,343 A.SH. --- "C:\WINDOWS\system32\mpkmwkyw.tmp"
Sat 7 Jul 2007 560 A.SH. --- "C:\WINDOWS\system32\uvvwa.tmp"
Sun 5 Aug 2007 761,549 ..SH. --- "C:\WINDOWS\system32\wybeg.tmp"
Tue 19 Jun 2007 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Wed 9 May 2007 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"

Program Folders:

C:\Programme\

7-Zip
AbiSuite2
Activision
Adobe
AGEIA Technologies
Alcohol Soft
AMD
Analog Devices
Apple Software Update
ArtMoney
Ashampoo
Ashampoo Magical Defrag
ASUS
ATI Technologies
ATITool
Avira
BitComet
ComPlus Applications
Countdown Pro 2
DAEMON Tools Lite
DivX
DriveCleaner
DVD Decrypter
DVDVIDEOSOFT
FDRLab
Festplatte
FlashGet
FLVPlayer
GameSpy
Gemeinsame Dateien
Grisoft
Hardcopy
ICQ6
InstallShield Installation Information
Intel
Internet Explorer
Java
jose
Kaspersky Lab
kav
Logitech
Lotto
Macromedia
Messenger
Microsoft Bootvis
microsoft frontpage
Microsoft Games
Monitor Calibration Wizard
MonstersGame Browser V0.5
Motherboard Monitor 5
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSN Messenger
MSXML 4.0
MSXML 6.0
Nero
NetMeeting
NFR
OFFSystem
Online Services
Online-Dienste
OpenOffice.org 2.2
Opera
Outlook Express
PixiePack Codec Pack
ProtectDisc Driver Installer
QIP
QuickTime
Realtek
Reference Assemblies
ReflexiveArcade
RegCleaner
Replay Converter
Replay Video Converter
RouterControl
S„ubern
Sierra On-Line
Smallvideosoft
Software by Design
Sony
Sony Setup
Spyware Process Detector
Trillian
TrueDownloader
TuneUp Utilities 2008
Ulead GIF Animator Lite Edition
Uninstall Information
uTorrent
VideoLAN
Vodei
Vstplugins
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WinSpeedUp
WinZip
xerox
Yahoo!

C:\Programme\Gemeinsame Dateien\

Adobe
Adobe Systems Shared
Ahead
Blizzard Entertainment
Dienste
DVDVIDEOSOFT
InstallShield
Java
Kaspersky Lab
Logitech
Macromedia
Microsoft Shared
MSSoap
ODBC
SpeechEngines
stardock
SWF Studio
System
Wise Installation Wizard

Add/Remove Programs:

7-Zip 4.42
AbiWord 2.4.6 (remove only)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player
ATI - Software Uninstall Utility
Avira AntiVir Personal – Free Antivirus
ArtMoney SE v7.26
Ask Toolbar
ATI Display Driver
ATITool Overclocking Utility
BackUp Maker v5.3
Battle.net
CCleaner (remove only)
DVD Decrypter (Remove Only)
FlashGet 1.9.6.1073
FLV Player 1.3.3
Free YouTube to Mp3 Converter version 2.2
Freez FLV to MP3 Converter
Hardcopy (C:\Programme\Hardcopy)
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Call of Duty(R) 4 - Modern Warfare(TM)
Windows XP-Hotfix - KB873339
Windows XP-Hotfix - KB885835
Windows XP-Hotfix - KB885836
Windows XP-Hotfix - KB886185
Windows XP-Hotfix - KB887472
High Definition Audio Driver Package - KB888111
Windows XP-Hotfix - KB888302
Windows XP-Hotfix - KB890859
Windows XP-Hotfix - KB891781
Sicherheitsupdate für Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update für Windows XP (KB894391)
Update für Windows XP (KB896256)
Sicherheitsupdate für Windows XP (KB896358)
Sicherheitsupdate für Windows XP (KB896423)
Sicherheitsupdate für Windows XP (KB896428)
Update für Windows XP (KB898461)
Sicherheitsupdate für Windows XP (KB899587)
Sicherheitsupdate für Windows XP (KB899591)
Update für Windows XP (KB900485)
Sicherheitsupdate für Windows XP (KB900725)
Sicherheitsupdate für Windows XP (KB901017)
Sicherheitsupdate für Windows XP (KB901214)
Sicherheitsupdate für Windows XP (KB902400)
Sicherheitsupdate für Windows XP (KB904706)
Update für Windows XP (KB904942)
Sicherheitsupdate für Windows XP (KB905414)
Sicherheitsupdate für Windows XP (KB905749)
Sicherheitsupdate für Windows XP (KB908519)
Update für Windows XP (KB908531)
Update für Windows XP (KB910437)
Update für Windows XP (KB911280)
Sicherheitsupdate für Windows XP (KB911562)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows XP (KB911927)
Sicherheitsupdate für Windows XP (KB913580)
Sicherheitsupdate für Windows XP (KB914388)
Sicherheitsupdate für Windows XP (KB914389)
Hotfix für Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Update für Windows XP (KB916595)
Sicherheitsupdate für Windows XP (KB917344)
Sicherheitsupdate für Windows XP (KB917422)
Sicherheitsupdate für Windows Media Player 9 (KB917734)
Sicherheitsupdate für Windows XP (KB917953)
Sicherheitsupdate für Windows XP (KB918118)
Sicherheitsupdate für Windows XP (KB918439)
Sicherheitsupdate für Windows XP (KB919007)
Sicherheitsupdate für Windows XP (KB920213)
Sicherheitsupdate für Windows XP (KB920670)
Sicherheitsupdate für Windows XP (KB920683)
Sicherheitsupdate für Windows XP (KB920685)
Update für Windows XP (KB920872)
Sicherheitsupdate für Windows XP (KB921503)
Update für Windows XP (KB922582)
Sicherheitsupdate für Windows XP (KB922819)
Sicherheitsupdate für Windows XP (KB923191)
Sicherheitsupdate für Windows XP (KB923414)
Sicherheitsupdate für Windows XP (KB923689)
Sicherheitsupdate für Windows XP (KB923694)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB923980)
Sicherheitsupdate für Windows XP (KB924191)
Sicherheitsupdate für Windows XP (KB924270)
Sicherheitsupdate für Windows XP (KB924496)
Sicherheitsupdate für Windows XP (KB924667)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Update für Windows XP (KB925720)
Sicherheitsupdate für Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Sicherheitsupdate für Windows XP (KB926255)
Sicherheitsupdate für Windows XP (KB926436)
Sicherheitsupdate für Windows XP (KB927779)
Sicherheitsupdate für Windows XP (KB927802)
Update für Windows XP (KB927891)
Sicherheitsupdate für Windows XP (KB928090)
Sicherheitsupdate für Windows XP (KB928255)
Sicherheitsupdate für Windows XP (KB928843)
Sicherheitsupdate für Windows XP (KB929123)
Hotfix for Windows Media Format 11 SDK (KB929399)
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
Sicherheitsupdate für Windows XP (KB930178)
Update für Windows XP (KB930916)
Sicherheitsupdate für Windows XP (KB931261)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows XP (KB931784)
Update für Windows XP (KB931836)
Sicherheitsupdate für Windows XP (KB932168)
Update für Windows XP (KB933360)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows XP (KB933729)
Sicherheitsupdate für Windows XP (KB935839)
Sicherheitsupdate für Windows XP (KB935840)
Sicherheitsupdate für Windows XP (KB936021)
Update für Windows XP (KB936357)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Update für Windows XP (KB938828)
Sicherheitsupdate für Windows XP (KB938829)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Hotfix für Windows Media Player 11 (KB939683)
Sicherheitsupdate für Windows XP (KB941202)
Sicherheitsupdate für Windows XP (KB941568)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB941644)
Sicherheitsupdate für Windows XP (KB941693)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Update für Windows XP (KB942763)
Sicherheitsupdate für Windows XP (KB943055)
Sicherheitsupdate für Windows XP (KB943460)
Sicherheitsupdate für Windows XP (KB943485)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows XP (KB944653)
Sicherheitsupdate für Windows XP (KB945553)
Sicherheitsupdate für Windows XP (KB946026)
Hotfix für Windows Internet Explorer 7 (KB947864)
Sicherheitsupdate für Windows XP (KB948590)
Sicherheitsupdate für Windows XP (KB948881)
Mahjong Escape Deluxe
Microsoft .NET Framework 3.5
mIRC
Monitor Calibration Wizard 1.0
Motherboard Monitor 5
Mozilla Firefox (2.0.0.13)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
ProtectDisc Driver, Version 11
PunkBuster Services
QIP 2005 Uninstall
Replay Converter 2.8
RouterControl 1.80
save2pc Pro Demo 3.20
Solid State ION Mozilla Plugin
Spyware Doctor 5.1
Spyware Process Detector v2.02
The Owner Free File System 0.18.00
TreeSize Professional 5.1.1
Ulead GIF Animator Lite Edition 1.0
VideoLAN VLC media player 0.8.6a
Vodei Multimedia Processor 2.10
What's Running 2.2
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR Archivierer
Windows Media Format 11 runtime
Windows Media Player 11
World of Warcraft
WinSpeedUp 2.8
Microsoft User-Mode Driver Framework Feature Pack 1.0
XnView 1.90
XML Paper Specification Shared Components Pack 1.0
Yahoo! Widgets
Yahoo! Install Manager
YouTube Downloader 2.5
Gothic III
Logitech iTouch Software
CCC
Lineage II
Skins
MSXML 6.0 Parser (KB933579)
Macromedia Extension Manager
Microsoft Bootvis
ccc-utility
ccc-core-preinstall
Gothic III Release Update
Skins
Windows Live Messenger
Microsoft .NET Framework 3.0 Service Pack 1
Macromedia Flash 8
Catalyst Control Center Core Implementation
Microsoft .NET Framework 3.5
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
MSXML 4.0 SP2 (KB927978)
Opera 9.21
ccc-core-preinstall
Catalyst Control Center Graphics Full New
CCC Help English
neroxml
ccc-utility
TuneUp Utilities 2008
Catalyst Control Center Graphics Light
The Hulk(TM)
GameSpy Comrade
Paragon Drive Backup 8 Personal
ICQ6
PixiePack Codec Pack
Microsoft Visual C++ 2005 Redistributable
ccc-core-static
DivX Codec
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Light
DivX Player
Macromedia Flash 8 Video Encoder
Catalyst Control Center Graphics Full Existing
GTAIII
ccc-core-preinstall
Sony Vegas Movie Studio Platinum 8.0
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Nero 7 Premium
Microsoft Visual C++ 2005 Redistributable
ccc-core-static
Catalyst Control Center Graphics Full Existing
Skins
CCC Help English
Adobe Reader 8.1.2 - Deutsch
Catalyst Control Center Graphics Previews Common
DivX Converter
Catalyst Control Center Core Implementation
Spybot - Search & Destroy
Microsoft .NET Framework 2.0 Service Pack 1
DivX Web Player
Apple Software Update
ccc-core-static
QuickTime
Catalyst Control Center Graphics Previews Common
MSXML 4.0 SP2 (KB936181)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
ccc-utility
WinZip 11.1
DivX Content Uploader
Catalyst Control Center Graphics Full New
Rappelz_USA
Call of Duty(R) 4 - Modern Warfare(TM)
OpenOffice.org 2.2
Adobe Photoshop CS
AGEIA PhysX v7.07.24
SoundMAX
PC Probe II
Catalyst Control Center Graphics Full New
Catalyst Control Center Core Implementation

Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"zBrowser Launcher"="C:\\Programme\\Logitech\\iTouch\\iTouch.exe"
"ISUSPM Startup"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"StartCCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\""
"SDTray"="\"C:\\Programme\\S„ubern\\Spyware Doctor\\SDTrayApp.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Reader Speed Launcher"="\"C:\\Programme\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"KernelFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,6b,\
00,00,00
"SDFix"="C:\\SDFix\\RunThis.bat /second"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SDFix"="C:\\SDFix\\RunThis.bat /second"

Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Sicherheitscenter
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows-Firewall/Gemeinsame Nutzung der Internetverbindung
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatische Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : Systemwiederherstellungsdienst
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"

ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

<