IE öffnet ständig Werbung

DougKing · 10.04.2010, 00:50

Hallo Liebes Trojaner-Board Team

Ich weiß dieses Thema wurde schon öfters eröffnen
aber ich hab das gleiche Problem, unzwar das mein

Internet Explorer ziemlich oft einfach (und automatisch) ein Fenster
öffnet und in diesem Fenster eine Werbung erscheint.

Und ich öffne deswege ein neues Thema da ich mein HijackThis posten
wollte und das nicht in irgendeinem anderen Thema dazwischen schieben will.

( BItte um Verständnis )

ICh hoffe jemand kann es dem HijackThis das Problem herraus lesen oder anzeichen herauslesen und sie mir mitteilen.

mfg
DougKing

------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 00:58:35, on 10.04.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\Safari\Safari.exe
D:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AdblockIE - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] "C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
O4 - HKCU\..\Run: [audiomsxml50] rundll32.exe "C:\Users\Kempinski\AppData\Local\audiomsxml50\audiomsxml50.dll", DllInit
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9DEEF2C-9A5B-4442-9D50-B8DA659CA967}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A9DEEF2C-9A5B-4442-9D50-B8DA659CA967}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. hxxp://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Sion · 10.04.2010, 10:39

Alle Progs mit Rechtsklick "Als Administrator ausführen" starten.

1. http://www.trojaner-board.de/51187-a...i-malware.html
Log posten.

2. http://www.trojaner-board.de/74908-a...t-scanner.html
Log posten.

3. Hol dir OTL
Starte OTL
Kopiere unten in das Skript-Feld rein:

Zitat:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Schließe alle anderen Programme.
Klicke auf Quick Scan.
Poste die beiden Logs - OTL.txt und Extras.txt

DougKing · 10.04.2010, 11:40

Ok also
Log ---->>>> Malwarebytes Anti-Malware

---------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3973

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

10.04.2010 12:37:02
mbam-log-2010-04-10 (12-37-02).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 105741
Laufzeit: 2 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audiomsxml50 (Adware.Agent.N) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Kempinski\AppData\Local\audiomsxml50\audiomsxml50.dll (Adware.Agent.N) -> Delete on reboot.

DougKing · 10.04.2010, 11:52

So und
Log ---->> GMER

------------------------------------------------------------------------

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-10 12:51:06
Windows 6.0.6001 Service Pack 1
Running: m5qmgtyg.exe

---- Files - GMER 1.0.15 ----

File C:\Windows\Temp\TMP000000136D04FEDB2370CD1B 524288 bytes

---- EOF - GMER 1.0.15 ----

DougKing · 10.04.2010, 12:07

Und zu guter letzt

Log ----------------->>> OTL

--------------------------------------------------------------------------

OTL logfile created on: 10.04.2010 12:54:16 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Kempinski\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 70,09 Gb Free Space | 35,89% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 356,49 Gb Free Space | 91,26% Space Free | Partition Type: NTFS
Drive E: | 345,57 Gb Total Space | 329,50 Gb Free Space | 95,35% Space Free | Partition Type: NTFS
Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEMPINSKI-PC
Current User Name: Kempinski
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.04.10 12:22:30 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Kempinski\Desktop\OTL.exe
PRC - [2010.03.15 22:30:43 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.05 17:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.09.18 19:41:14 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2009.08.21 10:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009.07.07 21:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe

========== Modules (SafeList) ==========

MOD - [2010.04.10 12:22:30 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Kempinski\Desktop\OTL.exe
MOD - [2008.10.30 01:44:10 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008.10.30 01:35:50 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.04.10 00:35:37 | 000,393,728 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2010.04.10 00:30:35 | 002,299,656 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV:64bit: - [2010.03.23 13:05:56 | 000,036,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.01.11 13:04:10 | 000,405,920 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2009.11.04 17:45:14 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.10.19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. hxxp://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2008.10.30 01:32:37 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006.11.02 13:17:42 | 000,022,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\irmon.dll -- (Irmon)
SRV - [2010.03.28 10:27:52 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.03.23 13:10:12 | 001,398,088 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.03.23 13:05:48 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.15 22:30:43 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.07.07 21:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2008.07.27 20:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006.11.02 15:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 08:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 08:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.03.13 01:55:03 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kempinski\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kempinski\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{758cf33e-2e0b-11df-84a7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{758cf33e-2e0b-11df-84a7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O33 - MountPoints2\{e60ff890-302b-11df-bf7b-0025222a1be8}\Shell - "" = AutoRun
O33 - MountPoints2\{e60ff890-302b-11df-bf7b-0025222a1be8}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll ()
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2006.11.02 15:34:09 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2006.11.02 15:34:13 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010.04.10 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\Kempinski\AppData\Roaming\Malwarebytes
[2010.04.10 12:28:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.10 12:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.10 12:22:29 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Kempinski\Desktop\OTL.exe
[2010.04.10 12:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010.04.09 23:22:29 | 000,000,000 | ---D | C] -- C:\Users\Kempinski\AppData\Roaming\BitDefender
[2010.04.09 23:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010.04.09 23:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010.04.09 23:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010.04.09 23:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BitDefender
[2010.03.28 14:11:00 | 000,000,000 | ---D | C] -- C:\Users\Kempinski\Desktop\Sehr Wichtig Daten
[2010.03.28 13:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.03.28 13:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.03.28 13:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.03.28 13:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010.03.28 13:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.03.28 13:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.03.28 13:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.03.28 12:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.03.28 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\Kempinski\AppData\Roaming\Xilisoft Corporation
[2010.03.28 10:27:55 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.03.28 10:27:55 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.03.28 10:27:30 | 000,000,000 | ---D | C] -- C:\Users\Kempinski\AppData\Roaming\TuneUp Software
[2010.03.28 10:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010
[2010.03.28 10:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.03.28 10:26:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.03.27 18:41:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[6 C:\Users\Kempinski\AppData\Local\*.tmp files -> C:\Users\Kempinski\AppData\Local\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.04.10 12:54:24 | 001,835,008 | -HS- | M] () -- C:\Users\Kempinski\NTUSER.DAT
[2010.04.10 12:51:27 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{A9DEEF2C-9A5B-4442-9D50-B8DA659CA967}
[2010.04.10 12:51:27 | 000,003,284 | ---- | M] () -- C:\Users\Kempinski\AppData\Roaming\ANIWZCS{A9DEEF2C-9A5B-4442-9D50-B8DA659CA967}
[2010.04.10 12:49:35 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.10 12:49:35 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.10 12:49:35 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.10 12:42:21 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 12:42:21 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 12:42:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.10 12:42:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.10 12:42:08 | 4285,587,456 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.10 12:41:14 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2010.04.10 12:41:08 | 000,524,288 | -HS- | M] () -- C:\Users\Kempinski\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.04.10 12:41:08 | 000,065,536 | -HS- | M] () -- C:\Users\Kempinski\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.04.10 12:41:07 | 001,895,674 | -H-- | M] () -- C:\Users\Kempinski\AppData\Local\IconCache.db
[2010.04.10 12:22:30 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Kempinski\Desktop\OTL.exe
[2010.04.10 01:54:38 | 000,254,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.04.10 00:31:40 | 000,347,336 | ---- | M] () -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pcwords2.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pcwords.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_webproxy.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_video.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_tabloids.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_socialnetworks.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_sign.slf
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_searchengines.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_regionaltlds.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_pornography.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlineshop.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlinepay.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlinedating.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_news.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_im.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_illegal.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_hate.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_games.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_gambling.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_drugs.dat
[2010.04.09 23:28:00 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.28 21:11:56 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.03.28 21:11:56 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.03.28 17:56:29 | 000,113,664 | ---- | M] () -- C:\Users\Kempinski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.28 11:13:41 | 000,000,680 | ---- | M] () -- C:\Users\Kempinski\AppData\Local\d3d9caps.dat
[2010.03.27 23:16:55 | 000,000,849 | ---- | M] () -- C:\Users\Kempinski\Desktop\Recover My Files.lnk
[2010.03.27 13:03:24 | 000,000,634 | ---- | M] () -- C:\Windows\SysWow64\MAPISVC.INF
[6 C:\Users\Kempinski\AppData\Local\*.tmp files -> C:\Users\Kempinski\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.10 12:28:07 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.10 02:25:01 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010.04.10 02:07:37 | 000,212,864 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010.04.10 02:02:28 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010.04.10 01:40:43 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010.04.10 01:40:43 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010.04.10 01:40:43 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010.04.10 01:40:42 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010.04.10 01:40:42 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010.04.10 01:40:42 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010.04.10 01:40:41 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010.04.10 01:40:41 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010.04.10 01:40:40 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010.04.10 01:40:40 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010.04.10 01:40:40 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010.04.10 01:40:40 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010.04.10 01:40:40 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010.04.10 01:40:40 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010.04.10 01:40:40 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010.04.10 01:40:39 | 001,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010.04.10 01:40:39 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010.04.10 01:40:38 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010.04.10 01:40:38 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010.04.10 01:40:37 | 012,464,128 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010.04.10 01:40:35 | 009,243,136 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010.04.10 01:40:35 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010.04.10 01:40:35 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010.04.10 01:38:11 | 000,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll
[2010.04.10 01:38:11 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
[2010.04.10 01:38:11 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll
[2010.04.10 01:38:11 | 000,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll
[2010.04.10 01:38:10 | 000,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll
[2010.04.10 01:38:10 | 000,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll
[2010.04.10 01:38:10 | 000,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx
[2010.04.10 01:38:09 | 000,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll
[2010.04.10 01:38:09 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe
[2010.04.10 01:38:09 | 000,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2010.04.10 01:38:09 | 000,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll
[2010.04.10 01:38:08 | 000,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010.04.10 01:38:08 | 000,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll
[2010.04.10 01:38:07 | 000,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll
[2010.04.10 01:38:07 | 000,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll
[2010.04.10 01:38:07 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010.04.10 01:38:06 | 000,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll
[2010.04.10 01:38:06 | 000,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010.04.10 01:38:06 | 000,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll
[2010.04.10 01:38:06 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
[2010.04.10 01:38:06 | 000,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
[2010.04.10 01:38:05 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010.04.10 01:38:05 | 000,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe
[2010.04.10 01:38:05 | 000,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe
[2010.04.10 01:38:05 | 000,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010.04.10 01:38:05 | 000,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010.04.10 01:38:05 | 000,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe
[2010.04.10 01:38:04 | 000,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
[2010.04.10 01:38:04 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll
[2010.04.10 01:38:03 | 003,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2010.04.10 01:38:03 | 000,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010.04.10 01:38:02 | 000,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe
[2010.04.10 01:37:09 | 000,294,912 | ---- | C] () -- C:\Windows\SysNative\browserchoice.exe
[2010.04.10 01:34:06 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010.04.10 01:34:02 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010.04.10 01:34:01 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010.04.10 01:10:39 | 000,634,288 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_ATL80SP1_KB973923MSI247C.txt
[2010.04.10 01:10:38 | 000,012,566 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_ATL80SP1_KB973923UI247C.txt
[2010.04.10 00:52:46 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2010.04.10 00:52:45 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2010.04.10 00:52:43 | 000,338,944 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010.04.10 00:52:43 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2010.04.10 00:52:42 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2010.04.10 00:52:42 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2010.04.10 00:52:42 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2010.04.10 00:38:20 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\ashttpstats.csv
[2010.04.10 00:21:36 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010.04.10 00:21:35 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010.04.10 00:21:35 | 001,926,656 | ---- | C] () -- C:\Windows\SysNative\gameux.dll
[2010.04.10 00:15:27 | 012,240,896 | ---- | C] () -- C:\Windows\SysNative\NlsLexicons0007.dll
[2010.04.10 00:15:26 | 002,644,480 | ---- | C] () -- C:\Windows\SysNative\NlsLexicons0009.dll
[2010.04.10 00:15:12 | 001,361,920 | ---- | C] () -- C:\Windows\SysNative\NaturalLanguage6.dll
[2010.04.10 00:10:12 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010.04.10 00:10:11 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010.04.10 00:10:11 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010.04.10 00:10:11 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010.04.10 00:10:11 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010.04.10 00:10:11 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010.04.10 00:10:11 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010.04.10 00:10:11 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010.04.10 00:10:11 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010.04.10 00:10:09 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010.04.10 00:09:53 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010.04.10 00:09:53 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010.04.10 00:09:53 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010.04.10 00:09:52 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010.04.10 00:09:46 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2010.04.10 00:09:40 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2010.04.10 00:09:31 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010.04.10 00:09:25 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2010.04.10 00:09:18 | 001,078,840 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2010.04.10 00:09:18 | 001,066,040 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2010.04.10 00:09:18 | 000,382,008 | ---- | C] () -- C:\Windows\SysNative\ci.dll
[2010.04.10 00:09:17 | 000,993,336 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2010.04.10 00:09:17 | 000,982,584 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2010.04.10 00:09:17 | 000,022,072 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2010.04.10 00:09:16 | 000,474,624 | ---- | C] () -- C:\Windows\SysNative\srcore.dll
[2010.04.10 00:09:16 | 000,339,968 | ---- | C] () -- C:\Windows\SysNative\rstrui.exe
[2010.04.10 00:09:16 | 000,058,368 | ---- | C] () -- C:\Windows\SysNative\setbcdlocale.dll
[2010.04.10 00:09:16 | 000,046,592 | ---- | C] () -- C:\Windows\SysNative\srclient.dll
[2010.04.10 00:09:16 | 000,018,944 | ---- | C] () -- C:\Windows\SysNative\srdelayed.exe
[2010.04.10 00:09:15 | 000,007,680 | ---- | C] () -- C:\Windows\SysNative\kbd106n.dll
[2010.04.10 00:08:40 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010.04.10 00:08:34 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010.04.10 00:08:34 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010.04.10 00:08:30 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2010.04.10 00:08:28 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2010.04.10 00:08:28 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2010.04.10 00:08:24 | 000,388,608 | ---- | C] () -- C:\Windows\SysNative\gdi32.dll
[2010.04.10 00:07:50 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010.04.10 00:07:21 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010.04.10 00:07:21 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010.04.10 00:07:18 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010.04.10 00:07:17 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2010.04.10 00:07:11 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2010.04.10 00:07:08 | 000,273,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010.04.10 00:07:08 | 000,134,656 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010.04.10 00:07:05 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010.04.10 00:07:04 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2010.04.10 00:07:03 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010.04.10 00:07:02 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2010.04.10 00:07:02 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2010.04.10 00:07:02 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2010.04.10 00:07:02 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2010.04.10 00:07:02 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2010.04.10 00:06:51 | 001,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.04.10 00:06:48 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2010.04.10 00:06:47 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2010.04.10 00:06:40 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2010.04.10 00:06:36 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2010.04.10 00:06:34 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\scrobj.dll
[2010.04.10 00:06:34 | 000,197,632 | ---- | C] () -- C:\Windows\SysNative\scrrun.dll
[2010.04.10 00:06:34 | 000,166,912 | ---- | C] () -- C:\Windows\SysNative\wscript.exe
[2010.04.10 00:06:34 | 000,144,384 | ---- | C] () -- C:\Windows\SysNative\wshom.ocx
[2010.04.10 00:06:33 | 000,147,968 | ---- | C] () -- C:\Windows\SysNative\cscript.exe
[2010.04.10 00:06:33 | 000,101,888 | ---- | C] () -- C:\Windows\SysNative\wshext.dll
[2010.04.10 00:06:29 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2010.04.10 00:06:28 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2010.04.10 00:06:28 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2010.04.10 00:06:28 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2010.04.10 00:06:27 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2010.04.10 00:06:27 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2010.04.10 00:06:27 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2010.04.10 00:06:27 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2010.04.10 00:06:26 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010.04.10 00:06:03 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010.04.10 00:05:58 | 001,245,184 | ---- | C] () -- C:\Windows\SysNative\WMNetMgr.dll
[2010.04.10 00:05:58 | 000,112,640 | ---- | C] () -- C:\Windows\SysNative\logagent.exe
[2010.04.10 00:05:54 | 004,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010.04.10 00:05:52 | 000,883,200 | ---- | C] () -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2010.04.10 00:05:52 | 000,399,872 | ---- | C] () -- C:\Windows\SysNative\emdmgmt.dll
[2010.04.10 00:05:52 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\drivers\nwifi.sys
[2010.04.10 00:05:52 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\dataclen.dll
[2010.04.10 00:05:52 | 000,047,104 | ---- | C] () -- C:\Windows\SysNative\cdd.dll
[2010.04.10 00:05:48 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2010.04.10 00:05:46 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\drivers\pacer.sys
[2010.04.10 00:05:46 | 000,039,424 | ---- | C] () -- C:\Windows\SysNative\traffic.dll
[2010.04.10 00:05:46 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\pacerprf.dll
[2010.04.10 00:05:46 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\wshqos.dll
[2010.04.10 00:05:44 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2010.04.10 00:05:41 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2010.04.10 00:05:41 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2010.04.10 00:05:37 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010.04.10 00:05:33 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2010.04.10 00:05:32 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2010.04.10 00:05:31 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2010.04.10 00:05:31 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2010.04.10 00:05:30 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010.04.10 00:05:30 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2010.04.10 00:05:30 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2010.04.10 00:05:26 | 012,897,792 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010.04.10 00:05:16 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010.04.10 00:05:16 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2010.04.10 00:05:16 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2010.04.10 00:05:16 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2010.04.10 00:05:15 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2010.04.10 00:05:15 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2010.04.10 00:05:15 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2010.04.09 23:50:05 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2010.04.09 23:50:05 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2010.04.09 23:50:05 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2010.04.09 23:50:05 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2010.04.09 23:49:48 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2010.04.09 23:49:48 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2010.04.09 23:49:48 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2010.04.09 23:49:39 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2010.04.09 23:49:39 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pcwords2.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pcwords.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_webproxy.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_video.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_tabloids.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_socialnetworks.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_sign.slf
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_searchengines.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_regionaltlds.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_pornography.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlineshop.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlinepay.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlinedating.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_news.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_im.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_illegal.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_hate.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_games.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_gambling.dat
[2010.04.09 23:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_drugs.dat
[2010.04.09 23:28:00 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2010.04.09 23:21:50 | 000,405,004 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_vcredistMSI5137.txt
[2010.04.09 23:21:50 | 000,011,474 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_vcredistUI5137.txt
[2010.03.28 13:01:40 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
[2010.03.28 13:01:40 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010.03.28 10:27:58 | 000,034,632 | ---- | C] () -- C:\Windows\SysNative\TURegOpt.exe
[2010.03.28 10:27:55 | 000,036,168 | ---- | C] () -- C:\Windows\SysNative\uxtuneup.dll
[2010.03.28 10:27:55 | 000,025,928 | ---- | C] () -- C:\Windows\SysNative\authuitu.dll
[2010.03.27 23:16:55 | 000,000,849 | ---- | C] () -- C:\Users\Kempinski\Desktop\Recover My Files.lnk
[2010.03.27 18:41:40 | 000,000,680 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\d3d9caps.dat
[2010.03.22 21:39:14 | 000,324,020 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_vcredistMSI044B.txt
[2010.03.22 21:39:14 | 000,014,010 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_vcredistUI044B.txt
[2010.03.22 21:32:20 | 000,416,614 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_vcredistMSI7F03.txt
[2010.03.22 21:32:20 | 000,011,474 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_vcredistUI7F03.txt
[2010.03.21 01:45:40 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.03.21 01:45:39 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.03.21 01:45:38 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.03.21 01:45:38 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.03.21 01:45:37 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.03.21 01:45:37 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010.03.20 17:04:35 | 000,113,664 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.17 20:19:58 | 000,410,502 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_vcredistMSI40F2.txt
[2010.03.17 20:19:57 | 000,011,462 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_vcredistUI40F2.txt
[2010.03.15 14:22:16 | 000,000,770 | ---- | C] () -- C:\Windows\Sof2.INI
[2010.03.13 19:28:28 | 003,063,318 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_NET_Framework35_x64_MSI6103.txt
[2010.03.13 18:12:34 | 001,335,966 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_NET_Framework35_x64_MSI26EB.txt
[2010.03.13 15:06:40 | 000,169,210 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_dotnetfx35install_lp.txt
[2010.03.13 15:06:40 | 000,000,398 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_dotnetfx35error_lp.txt
[2010.03.13 15:06:06 | 001,865,758 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_NET_Framework35_x64_MSI1834.txt
[2010.03.13 15:04:16 | 000,637,134 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2010.03.13 15:04:13 | 000,854,194 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_dotnetfx35install.txt
[2010.03.13 15:04:13 | 000,034,188 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\uxeventlog.txt
[2010.03.13 15:04:13 | 000,000,542 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_dotnetfx35error.txt
[2010.03.13 14:10:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.13 01:48:08 | 000,000,785 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.03.13 01:29:21 | 000,011,656 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_vcredistUI2716.txt
[2010.03.13 01:28:50 | 000,011,672 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\dd_vcredistUI26B1.txt
[2010.03.13 01:23:37 | 000,003,284 | ---- | C] () -- C:\Users\Kempinski\AppData\Roaming\ANIWZCS{A9DEEF2C-9A5B-4442-9D50-B8DA659CA967}
[2010.03.13 01:22:43 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll
[2010.03.13 01:22:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll
[2010.03.13 01:22:43 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll
[2010.03.13 01:22:43 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll
[2010.03.13 01:22:31 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll
[2010.03.13 01:22:13 | 000,733,184 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll
[2010.03.12 21:22:20 | 000,000,732 | ---- | C] () -- C:\Users\Kempinski\AppData\Local\d3d9caps64.dat
[2010.03.12 21:22:19 | 001,835,008 | -HS- | C] () -- C:\Users\Kempinski\NTUSER.DAT
[2010.03.12 21:22:19 | 000,524,288 | -HS- | C] () -- C:\Users\Kempinski\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010.03.12 21:22:19 | 000,524,288 | -HS- | C] () -- C:\Users\Kempinski\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.03.12 21:22:19 | 000,262,144 | -H-- | C] () -- C:\Users\Kempinski\ntuser.dat.LOG1
[2010.03.12 21:22:19 | 000,065,536 | -HS- | C] () -- C:\Users\Kempinski\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.03.12 21:22:19 | 000,000,020 | -HS- | C] () -- C:\Users\Kempinski\ntuser.ini
[2010.03.12 21:22:19 | 000,000,000 | -H-- | C] () -- C:\Users\Kempinski\ntuser.dat.LOG2
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.10.30 01:44:17 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.10.30 01:43:09 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010.04.09 23:22:46 | 000,000,000 | ---D | M] -- C:\Users\Kempinski\AppData\Roaming\BitDefender
[2010.04.09 23:56:53 | 000,000,000 | ---D | M] -- C:\Users\Kempinski\AppData\Roaming\BitTorrent
[2010.03.20 12:47:52 | 000,000,000 | ---D | M] -- C:\Users\Kempinski\AppData\Roaming\e-hahn Software
[2010.03.27 15:34:52 | 000,000,000 | ---D | M] -- C:\Users\Kempinski\AppData\Roaming\ICQ
[2010.03.20 15:55:27 | 000,000,000 | ---D | M] -- C:\Users\Kempinski\AppData\Roaming\OpenOffice.org
[2010.03.28 10:27:30 | 000,000,000 | ---D | M] -- C:\Users\Kempinski\AppData\Roaming\TuneUp Software
[2010.03.23 18:30:58 | 000,000,000 | ---D | M] -- C:\Users\Kempinski\AppData\Roaming\Ubisoft
[2010.03.28 12:29:54 | 000,000,000 | ---D | M] -- C:\Users\Kempinski\AppData\Roaming\Xilisoft Corporation
[2010.04.10 12:41:12 | 000,020,480 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.10.30 01:26:47 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.10.30 01:26:45 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2009.06.25 15:06:52 | 000,001,024 | ---- | M] () MD5=231CD46A29C26A58BDE1C7146B702399 -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTORV.SYS >
[2008.10.30 01:27:54 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008.10.30 01:48:40 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2008.10.30 01:37:22 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.10.30 01:37:22 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.10.30 01:37:22 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.10.30 01:27:14 | 000,128,056 | ---- | M] (NVIDIA Corporation) MD5=2C040B7ADA5B06F6FACADAC8514AA034 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2008.10.30 01:27:14 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.10.30 01:46:02 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008.10.30 01:46:02 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008.10.30 01:46:02 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.10.30 01:43:10 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:24051EFF
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:07BB519E
< End of report >

------------------------------------------------------------------------

DougKing · 10.04.2010, 12:08

Und noch
Log ------------->>>>> 'OTL Extras

----------------------------------------------------------------------

OTL Extras logfile created on: 10.04.2010 12:54:17 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Kempinski\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 70,09 Gb Free Space | 35,89% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 356,49 Gb Free Space | 91,26% Space Free | Partition Type: NTFS
Drive E: | 345,57 Gb Total Space | 329,50 Gb Free Space | 95,35% Space Free | Partition Type: NTFS
Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEMPINSKI-PC
Current User Name: Kempinski
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = B2 19 DD C3 18 C2 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAFC5157-77ED-44FA-B8A9-5D5F5166FDA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E97C8EEE-F827-4247-846F-01AADDFA2477}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D6E3B0-88E4-4CFA-9349-FD2DD321C53E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0AF204CB-A1C7-43AC-9EEC-8024B97BFE7A}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{0E046CFC-8A3F-4156-ABF9-73456A26F04C}" = protocol=6 | dir=in | app=d:\program files (x86)\itunes\itunes.exe |
"{0FCF2C99-D80B-459B-9B49-A3BFEEE9AFBA}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.0\icq.exe |
"{14936B6F-90B2-45E2-B430-F1811A3D2711}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{149E9869-B347-4CCA-9944-5202FE41EC16}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.0\icq.exe |
"{1709AFE8-EC7B-41A0-BD7C-9333B6F09CB9}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.0\aolload.exe |
"{19769AC5-7B62-47C7-9F17-99E962E1612A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{1DD79D97-34CD-413C-98E2-BE80410A1683}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E54260D-FB03-4908-B74F-B5F72F01E544}" = protocol=6 | dir=in | app=d:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{1EBD605A-5489-47F5-8BE6-4A1A7B212E2C}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{221FE6CB-4BFC-4BA5-9321-D2086C741D82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{2C629E4D-3004-4D52-94F2-1492E8B6EFAD}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{30B8BA6C-4158-4622-B217-93EF46202D8E}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.0\icq.exe |
"{31ECFD28-86ED-4CB5-93B7-DD775E754A57}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.0\icq.exe |
"{3D1BAB4D-2ECF-4251-8DEA-818699F704CA}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.0\icq.exe |
"{4089E972-91C1-4E20-B810-DDC525B5BF0C}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{408E9084-2B3D-4612-AD3C-4A187F39B440}" = protocol=6 | dir=in | app=d:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{42AFBE66-3BEC-4FDF-9080-AFE95DEA853B}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{4A6AFF6B-8C1E-4E4B-8C35-00711B514C94}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.0\aolload.exe |
"{4D1A9EDD-9D1A-43CE-866E-495669BCBA1F}" = protocol=6 | dir=in | app=d:\program files (x86)\bittorrent\bittorrent.exe |
"{580572D9-443A-4B77-887A-0554EAC0A3A0}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{595717E0-0C45-43E1-A02E-3AC3FDEDACCF}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{62E9801A-C20C-4DF7-B7BB-C8549DDB97E5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{639909F4-14B9-43E7-948A-A9DE14596CC5}" = protocol=17 | dir=in | app=d:\program files (x86)\itunes\itunes.exe |
"{65FB10B8-242A-4ED4-BECE-0107455C5B96}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{72AD2C7C-FAC9-4076-A256-FAD3FACC1CCC}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{74E37949-E3B3-4A73-9055-093CD36D4868}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{773D4FAD-DD85-4C4E-A60F-8804CF86D42F}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.0\aolload.exe |
"{7A747358-5BAE-47BC-A002-E6065EFE9D72}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{8490038C-69A8-44F5-9FEB-755003180765}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{8521A69C-FA94-4AC3-A2BA-752C4E7F2B4C}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{90BA1419-DC4F-49A6-A055-389506FD5408}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{9B356648-78B2-4CA2-B632-424E200E0701}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9DA7F04C-697A-4B8F-A07E-B7737CC1B673}" = protocol=17 | dir=in | app=d:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{9FBFA570-7614-4B20-AA70-9AF6A6B2C7F8}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.0\aolload.exe |
"{A0DDD260-7BC9-46D6-98A5-EE735BB6E141}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A6CF80CC-6B22-4807-8E3B-3AA982FEAE13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{A96316A7-1E08-43F1-8358-D4E4E1815794}" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{AF4211BB-DD9D-490D-8A8F-19271616D739}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B00AF721-4944-480D-95FA-A77A1D7B3F0D}" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{B08484BA-F783-4AF9-956D-1747D6FE6185}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.0\aolload.exe |
"{B157698D-B7E7-461A-8667-79059B292D9D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{BB26C37A-FB20-472B-B1AB-266F7880F25E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C050BDA5-F6FF-4F5C-9D23-3746051C88C0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C1928B98-9BFD-45C2-9F8E-B5DEAD4CCD4F}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.0\icq.exe |
"{C20CE96E-75E4-4D95-B404-0655CDE15B7D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CACFCBB9-6829-488F-871F-5183A1F1B241}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{DAEE8F25-91F7-4E7C-8EB3-80583217FD2A}" = protocol=17 | dir=in | app=d:\program files (x86)\bittorrent\bittorrent.exe |
"{DC592485-74DD-4F6A-8D62-535A4F8DD515}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DD0E71AE-AB57-42C3-B023-0F02D9862DE6}" = protocol=17 | dir=in | app=d:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{DF2F0D5A-2F01-43BF-8DDB-DE8F67F5F9BB}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.0\aolload.exe |
"{E1B8D281-2B93-44D0-B815-03FCE275B07A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E49FEB4E-1BEF-4E98-97D4-D016A1B090B1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E8C51E2C-DEE5-4367-91F2-EA7A3AB42461}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{FB0BC25F-C48F-44BD-8522-2E6D7331EFEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{FE2DA3EF-4FCC-40D1-AD0F-C82CA2FD74E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04C43AE1-5B72-487F-AC6C-6BC1AA19FE03}" = Microsoft IntelliPoint 6.2
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E37765E-45AE-4830-A12C-E5DADD758472}" = HP Photosmart D5400 Printer Driver Software 12.0 Rel .3
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{534A3680-A7CE-80D0-029B-2105ADA363AB}" = ATI AVIVO64 Codecs
"{67DB4BFC-02AA-4806-B3CF-9840F29C92FA}" = Microsoft IntelliType Pro 6.2
"{68451E5C-0A9C-4D5C-8D06-6E296242E908}" = 64 Bit HP CIO Components Installer
"{6D3423C7-7F9B-4453-B807-5994A5F39B9D}" = BitDefender Antivirus 2010
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{AFA3C5A9-959F-3A6F-9BDC-B20EA563DC23}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CE04D80B-ECEA-3228-4901-78CF0E480CA4}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1C80931B-D271-A7E5-06D8-60C4D6DCCE69}" = Catalyst Control Center Graphics Previews Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCA1E50-EB4B-1722-1605-721CECC3B6D7}" = Catalyst Control Center Graphics Light
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23549DB2-183A-C2F1-F12A-4B20F386129A}" = CCC Help Greek
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{267D1BAE-B645-CC3E-468B-1E94846CB003}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{382CC0FC-CC76-8BF1-D595-9172077A67AD}" = CCC Help Japanese
"{38E84C0B-74F8-2CD7-8401-9A9638676061}" = CCC Help Spanish
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4511950B-88F9-302E-77F2-C953EF8045F8}" = Catalyst Control Center HydraVision Full
"{49FDA7D8-B293-2E8B-19F3-0F10C110C4CC}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5217C537-271A-0628-11CE-A8AFB79D8773}" = CCC Help Finnish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5E1DE2DE-71B7-5C37-A8D2-949C143C863D}" = Catalyst Control Center Graphics Previews Vista
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{663F286D-DABF-F3D1-ECAB-6F3BF3B190CC}" = CCC Help Swedish
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{72326BD4-7E8C-D36E-AC40-084595B034F6}" = CCC Help Korean
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8DC58529-0378-E6F7-2FC1-3CC62F4F01FF}" = CCC Help Thai
"{8E5EAB78-59D0-9C95-4907-E50E359E7E5E}" = HydraVision
"{9041E63C-4B43-3E1A-F316-38FE2E6C614A}" = CCC Help Russian
"{915B97D7-585F-48DE-9E62-47F916514854}" = D5400
"{93F22EEC-DAD6-1D0D-E208-03FDA1B58F01}" = Catalyst Control Center InstallProxy
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{98DA6BEA-8C70-EF24-730C-7695D1176256}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D608D83-6198-F009-1B50-3A55F937E305}" = CCC Help Chinese Standard
"{A09E489C-BF64-FC3C-C823-9C5FDD19FE28}" = CCC Help Norwegian
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AD0EE5BD-B8C0-9ACB-678A-C1AD9AC0BA60}" = ccc-core-static
"{B2580E5E-F617-EAE5-04B2-0C49FAC1E24F}" = Catalyst Control Center Graphics Full Existing
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B705AA09-2E48-4095-904C-F6CE8B97DEF6}" = Active@ Partition Recovery
"{BF24E54D-77C1-CDF8-054C-133FBB71EE90}" = Catalyst Control Center Graphics Full New
"{C07A746C-E1A1-C0C3-A30C-EFB5ECE184C3}" = Catalyst Control Center Core Implementation
"{C2C60D9F-0D6E-188C-1ADE-9DC3BF6ADA93}" = CCC Help Hungarian
"{C2F9FF21-946D-8907-A45B-DF1414F43316}" = Catalyst Control Center Localization All
"{C849A1C0-B8CB-1BB0-62BB-362C2851FD0F}" = CCC Help German
"{C9018568-C473-4BE3-49B0-D2DC974519C4}" = CCC Help Chinese Traditional
"{CF2C9A13-51A0-5640-0F57-76EC9A404D89}" = CCC Help Italian
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1144D23-122B-35C1-9B51-25580A159117}" = CCC Help Turkish
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link Wireless N DWA-140
"{D9BEB973-E4E0-18A8-3910-EB7A5D93C93C}" = CCC Help Danish
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{E192A201-E9B4-406A-82D5-7886F3BB63D5}" = PS_SF_03_D5400_Software_Min
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE8E5082-A83B-CFDA-964D-1F9F134F6D2E}" = CCC Help Dutch
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6F8D4EB-19B5-F561-B3FA-39467F65943F}" = CCC Help English
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F937EBB7-E475-DE6C-6CE7-46BDF5B12A4B}" = CCC Help Polish
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitTorrent" = BitTorrent
"DivX Setup.divx.com" = DivX-Setup
"Easy Desktop Note_is1" = Easy Desktop Note 1.11
"Game Booster_is1" = Game Booster
"GameSpy Arcade" = GameSpy Arcade
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"PunkBusterSvc" = PunkBuster Services
"Recover My Files_is1" = Recover My Files
"Restorer Ultimate_is1" = Restorer Ultimate 5.1
"Soldier of Fortune II - Double Helix" = Soldier of Fortune II - Double Helix
"TuneUp Utilities" = TuneUp Utilities
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xilisoft Video Converter Standard" = Xilisoft Video Converter Standard

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.03.2010 11:37:09 | Computer Name = Kempinski-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\DivX\DivX
Update\x64\DivXUpdateCheck.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28.03.2010 11:56:29 | Computer Name = Kempinski-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\DivX\DivX
Update\x64\DivXUpdateCheck.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28.03.2010 11:56:42 | Computer Name = Kempinski-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\DivX\DivX
Update\x64\DivXUpdateCheck.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28.03.2010 13:26:15 | Computer Name = Kempinski-PC | Source = Application Error | ID = 1000
Description = Faulting application vc5.exe, version 1.0.0.1, time stamp 0x4976d1d3,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783, exception
code 0xc0000005, fault offset 0x0003cf2f, process id 0x1018, application start time
0x01cace9b7f0eae7d.

Error - 09.04.2010 16:17:53 | Computer Name = Kempinski-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\DivX\DivX
Update\x64\DivXUpdateCheck.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09.04.2010 16:51:55 | Computer Name = Kempinski-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module hpswp_BHO.dll_unloaded, version 0.0.0.0, time stamp
0x48f6585a, exception code 0xc0000005, fault offset 0x05c82f54, process id 0x13c4,
application start time 0x01cad8267880509d.

Error - 09.04.2010 19:11:11 | Computer Name = Kempinski-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 09.04.2010 19:22:22 | Computer Name = Kempinski-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 09.04.2010 19:27:22 | Computer Name = Kempinski-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 09.04.2010 20:05:14 | Computer Name = Kempinski-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e791, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791adec,
exception code 0xc0150010, fault offset 0x00000000000b1188, process id 0xbb4, application
start time 0x01cad840627bb11d.

[ System Events ]
Error - 09.04.2010 19:51:17 | Computer Name = Kempinski-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 09.04.2010 19:51:17 | Computer Name = Kempinski-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 09.04.2010 19:51:17 | Computer Name = Kempinski-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 09.04.2010 19:51:17 | Computer Name = Kempinski-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 09.04.2010 19:51:47 | Computer Name = Kempinski-PC | Source = DCOM | ID = 10010
Description =

Error - 09.04.2010 19:54:46 | Computer Name = Kempinski-PC | Source = HTTP | ID = 15016
Description =

Error - 09.04.2010 20:20:46 | Computer Name = Kempinski-PC | Source = HTTP | ID = 15016
Description =

Error - 10.04.2010 06:13:04 | Computer Name = Kempinski-PC | Source = HTTP | ID = 15016
Description =

Error - 10.04.2010 06:42:19 | Computer Name = Kempinski-PC | Source = HTTP | ID = 15016
Description =

Error - 10.04.2010 06:49:04 | Computer Name = Kempinski-PC | Source = Service Control Manager | ID = 7022
Description =

< End of report >

-------------------------------------------------------------------

Sion · 10.04.2010, 12:15

Ah, sorry, Gmer funktioniert nicht sehr gut auf 64-bit Systemen, schon wieder übersehen.

1. Hol dir Sophos Anti-Rootkit.
Hier ist die Anleitung dazu.

DougKing · 10.04.2010, 14:14

NAch dem ich diesen Malware Scan gemacht habe oeffnet sich keine

Werbung mehr im Internet Explorer.

Könnte es sein das dieses Programm das Problem behoben hat. ??

Sion · 10.04.2010, 14:28

Ja, das Problem hat das Programm behoben. Könnte aber sonst noch was auf dem Rechner sein.

IE öffnet ständig Werbung

Log-Analyse und Auswertung: IE öffnet ständig Werbung