Pests of all kinds and their removal: HEUR:Exploit.Java.CVE-2012-4681.gen and, several times, Exploit.Java.CVE-2012-0507.ou found by Kaspersky in C:Dokumente und Einstellungen ge (Windows 7)

#1
Hello everyone,

Today I downloaded Kaspersky AntiVir and ran a full system check, during which the following turned up:

- Exploit.Java.CVE-2012-4681.b, several times, in C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\
- Exploit.Java.CVE-2012-0507.ou, once, in C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\
- HEUR:Exploit.Java.CVE-2012-4681.gen, once, "Detected; not processed", in C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\cache
- Malicious link, inactive: hxxp://preved.bandoo.com/

I then downloaded "Malwarebytes Anti-Malware" and ran another system check with it, which found a so-called "Trojan-Agent" in the file C://Windows/Temap/exe.

Please help me clean up my system. Thanks in advance.

Here are the OTL results.

OTL.Txt / OTL Logfile:
Code:
ATTFilter OTL logfile created on: 22.09.2012 19:58:31 - Run 1 OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Alex\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,71% Memory free 4,00 Gb Paging File | 1,91 Gb Available in Paging File | 47,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 146,39 Gb Total Space | 43,54 Gb Free Space | 29,75% Space Free | Partition Type: NTFS Drive D: | 319,28 Gb Total Space | 256,07 Gb Free Space | 80,20% Space Free | Partition Type: NTFS Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.22 19:55:31 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Downloads\OTL.exe PRC - [2012.09.22 19:52:44 | 000,050,477 | ---- | M] () -- C:\Users\Alex\Downloads\Defogger.exe PRC - [2012.09.21 14:08:28 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe PRC - [2012.09.08 17:54:41 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
-- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2012.05.15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.08.09 20:29:52 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- C:\Programme\Bandoo\Bandoo.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.16 11:22:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\DriverScanner\dsmonitor.exe PRC - [2011.05.09 19:10:50 | 002,480,048 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM 
Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe PRC - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2009.11.12 05:42:56 | 000,362,032 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2009.11.12 05:42:50 | 000,661,072 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2009.11.12 05:42:20 | 005,140,960 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2012.09.22 19:52:44 | 000,050,477 | ---- | M] () -- C:\Users\Alex\Downloads\Defogger.exe MOD - [2012.09.21 14:08:27 | 009,813,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_278.dll MOD - [2012.09.08 17:54:41 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.08.17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 
| ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.02.09 02:56:38 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.exe MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.dll ========== Services (SafeList) ========== SRV - [2012.09.21 14:09:28 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.08 17:54:41 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP) SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.08.10 09:09:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.11.09 14:16:12 | 000,196,376 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.08.09 20:29:52 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Programme\Bandoo\Bandoo.exe -- (Bandoo Coordinator) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.09 19:10:50 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
[On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL) SRV - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2009.11.12 05:42:50 | 000,661,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | Disabled | Stop_Pending] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.09.22 12:44:43 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.09.22 12:44:42 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.09.22 12:44:41 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] 
-- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.08.13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2012.08.02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2012.06.08 11:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.05.09 19:10:51 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2011.05.09 19:10:48 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm258.sys -- (tdrpman258) DRV - [2011.05.09 19:10:43 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2011.05.09 19:10:36 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.22 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2010.04.09 01:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2009.11.11 15:47:16 | 000,295,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2008.07.26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.07.26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2008.07.26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2008.07.26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter) DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0DE40A0A-2BF9-4608-82E9-41188640181E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=CF57CF53-34B7-4C3E-84DE-B7FAF30B8F55&apn_sauid=BDEFE8F4-E7D1-46EF-B9EA-C8442290DD61& IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=100581&tt=110911_startpage IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_&q={searchTerms}&mntrId=fc3e830a000000000000001f3f04e995&tlver=1.4.35.10&" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program 
Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Alex\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.07 21:10:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\o813l87k.default\extensions\ffox@bandoo.com [2011.11.01 14:16:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.10 19:54:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.09.22 12:24:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.09.22 12:24:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.09.22 12:23:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 17:54:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 17:54:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.07 21:10:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: 
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\o813l87k.default\extensions\ffox@bandoo.com [2011.11.01 14:16:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 17:54:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 17:54:39 | 000,000,000 | ---D | M] [2011.09.13 14:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions [2012.09.16 12:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\o813l87k.default\extensions [2012.09.16 12:43:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\o813l87k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.01 14:16:25 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\o813l87k.default\extensions\ffox@bandoo.com [2011.09.13 14:49:53 | 000,002,506 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\o813l87k.default\searchplugins\SearchResults.xml [2012.09.22 12:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.08 17:54:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.08 17:54:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.08 17:54:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.08 17:54:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.03.17 21:57:30 | 000,012,800 | ---- 
| M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.06.26 22:34:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.30 22:17:45 | 000,002,227 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.31 11:18:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.26 22:34:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 22:34:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.13 14:49:53 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2012.06.26 22:34:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 22:34:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programme\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! 
Inc) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [DriverMax] File not found O4 - HKCU..\Run: [DriverMax_RESTART] File not found O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Alex\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Alex\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90FE7AB9-B7BD-42AE-BA25-872BD0A55E65}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\datamngr.dll) - c:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\iebho.dll) - c:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Programme\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{15ccfd4a-782d-11e0-81f1-001d605abdc2}\Shell - "" = AutoRun
O33 - MountPoints2\{15ccfd4a-782d-11e0-81f1-001d605abdc2}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.22 16:00:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2012.09.22 15:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.22 15:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.22 15:59:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.22 15:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.22 12:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2012.09.22 12:23:56 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012.09.22 12:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.09.22 12:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.09.22 12:23:33 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.09.22 12:23:33 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klflt.sys
[2012.09.22 11:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2012.09.16 05:17:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Meine empfangenen Dateien
[2012.09.15 21:29:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\- MADK Sampler -
[2012.09.08 17:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.05 20:05:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Neuer Ordner
[2012.08.31 12:14:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\zukünftige tests cubase
[2012.08.30 18:30:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\cubase1
[2012.08.29 20:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2012.08.26 01:42:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\sortieren

========== Files - Modified Within 30 Days ==========

[2012.09.22 19:53:20 | 000,000,000 | ---- | M] () -- C:\Users\Alex\defogger_reenable
[2012.09.22 19:13:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.22 19:13:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.22 19:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.22 15:59:26 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.22 12:44:43 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys
[2012.09.22 12:44:42 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys
[2012.09.22 12:44:41 | 000,587,096 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.09.22 12:29:41 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 12:29:41 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 12:29:27 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.22 12:29:27 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.22 12:29:27 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.22 12:29:27 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.22 12:22:38 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.09.22 12:22:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.22 12:22:18 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.22 12:09:36 | 329,846,634 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.22 12:08:12 | 000,017,408 | ---- | M] () -- C:\Users\Alex\AppData\Local\WebpageIcons.db
[2012.09.22 09:06:05 | 000,000,396 | ---- | M] () -- C:\Users\Alex\Desktop\music.lnk
[2012.09.21 20:33:17 | 000,140,800 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.09.21 20:33:07 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.09.21 20:32:40 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.09.16 02:58:13 | 000,000,000 | ---- | M] () -- C:\Users\Alex\Desktop\Tim_Taylor_-_Der_G_rtner_HQ.failed-conv.mp4
[2012.09.16 02:57:51 | 000,000,000 | ---- | M] () -- C:\Users\Alex\Desktop\Tim_Taylor_-_Der_G_rtner_HQ.failed-conv.flv
[2012.09.15 20:46:25 | 000,000,000 | ---- | M] () -- C:\Users\Alex\Desktop\13_Randgruppe_-_RG_Family_prod._Magic_Hands.failed-conv.mp4
[2012.09.15 20:33:44 | 001,781,747 | ---- | M] () -- C:\Users\Alex\Desktop\16_Johnny_Dim_-_Hurt_prod_Johnny.failed-conv.flv
[2012.09.15 20:32:23 | 000,000,000 | ---- | M] () -- C:\Users\Alex\Desktop\16_Johnny_Dim_-_Hurt_prod._Johnny.failed-conv.flv
[2012.09.15 20:30:04 | 000,000,000 | ---- | M] () -- C:\Users\Alex\Desktop\311_Johnny_Dim_Randgruppe_-_Hurt_prod._by_Johnny.failed-conv.mp4
[2012.09.15 20:06:02 | 001,781,747 | ---- | M] () -- C:\Users\Alex\Desktop\311_Johnny_Dim_Randgruppe_-_Hurt_prod_by_Johnny.failed-conv.flv
[2012.09.15 18:42:54 | 002,770,579 | ---- | M] () -- C:\Users\Alex\Desktop\RAG Underground_Beat_-_Battle_Instrumental.flv.MP3
[2012.09.15 18:41:45 | 004,601,240 | ---- | M] () -- C:\Users\Alex\Desktop\Eko_Fresh_feat._Bushido_Gheddo_Instrumental.flv.MP3
[2012.09.08 18:41:18 | 000,011,215 | ---- | M] () -- C:\Users\Alex\Desktop\so.odt
[2012.09.08 16:50:02 | 000,013,468 | ---- | M] () -- C:\Users\Alex\Desktop\mehrtränenanne.odt
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 19:52:17 | 004,837,767 | ---- | M] () -- C:\Users\Alex\Desktop\RAG Underground_Beat_-_Battle_Instrumental.flv
[2012.09.04 20:05:24 | 009,207,201 | ---- | M] () -- C:\Users\Alex\Desktop\Kinder_des_Zorns_-_Separate_-_Schlechtes_Gewissen.flv
[2012.09.01 19:01:34 | 006,035,616 | ---- | M] () -- C:\Users\Alex\Desktop\Eko_Fresh_feat._Bushido_Gheddo_Instrumental.flv

========== Files Created - No Company Name ==========

[2012.09.22 19:53:20 | 000,000,000 | ---- | C] () -- C:\Users\Alex\defogger_reenable
[2012.09.22 15:59:26 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.22 12:08:11 | 000,017,408 | ---- | C] () -- C:\Users\Alex\AppData\Local\WebpageIcons.db
[2012.09.16 02:58:11 | 000,000,000 | ---- | C] () -- C:\Users\Alex\Desktop\Tim_Taylor_-_Der_G_rtner_HQ.failed-conv.mp4
[2012.09.16 02:57:51 | 000,000,000 | ---- | C] () -- C:\Users\Alex\Desktop\Tim_Taylor_-_Der_G_rtner_HQ.failed-conv.flv
[2012.09.15 20:46:25 | 000,000,000 | ---- | C] () -- C:\Users\Alex\Desktop\13_Randgruppe_-_RG_Family_prod._Magic_Hands.failed-conv.mp4
[2012.09.15 20:33:41 | 001,781,747 | ---- | C] () -- C:\Users\Alex\Desktop\16_Johnny_Dim_-_Hurt_prod_Johnny.failed-conv.flv
[2012.09.15 20:32:23 | 000,000,000 | ---- | C] () -- C:\Users\Alex\Desktop\16_Johnny_Dim_-_Hurt_prod._Johnny.failed-conv.flv
[2012.09.15 20:30:04 | 000,000,000 | ---- | C] () -- C:\Users\Alex\Desktop\311_Johnny_Dim_Randgruppe_-_Hurt_prod._by_Johnny.failed-conv.mp4
[2012.09.15 20:05:59 | 001,781,747 | ---- | C] () -- C:\Users\Alex\Desktop\311_Johnny_Dim_Randgruppe_-_Hurt_prod_by_Johnny.failed-conv.flv
[2012.09.15 18:42:54 | 002,770,579 | ---- | C] () -- C:\Users\Alex\Desktop\RAG Underground_Beat_-_Battle_Instrumental.flv.MP3
[2012.09.15 18:41:45 | 004,601,240 | ---- | C] () -- C:\Users\Alex\Desktop\Eko_Fresh_feat._Bushido_Gheddo_Instrumental.flv.MP3
[2012.09.08 18:41:16 | 000,011,215 | ---- | C] () -- C:\Users\Alex\Desktop\so.odt
[2012.09.05 19:50:53 | 004,837,767 | ---- | C] () -- C:\Users\Alex\Desktop\RAG Underground_Beat_-_Battle_Instrumental.flv
[2012.09.04 20:02:25 | 009,207,201 | ---- | C] () -- C:\Users\Alex\Desktop\Kinder_des_Zorns_-_Separate_-_Schlechtes_Gewissen.flv
[2012.09.02 07:50:47 | 000,013,468 | ---- | C] () -- C:\Users\Alex\Desktop\mehrtränenanne.odt
[2012.09.01 18:58:51 | 006,035,616 | ---- | C] () -- C:\Users\Alex\Desktop\Eko_Fresh_feat._Bushido_Gheddo_Instrumental.flv
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.03.29 14:16:31 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.01.28 18:39:36 | 000,149,939 | ---- | C] () -- C:\Users\Alex\raps1-03.bak
[2012.01.28 18:39:36 | 000,123,203 | ---- | C] () -- C:\Users\Alex\raps1-02.bak
[2012.01.28 18:39:36 | 000,123,203 | ---- | C] () -- C:\Users\Alex\raps1.bak
[2012.01.28 18:39:36 | 000,102,458 | ---- | C] () -- C:\Users\Alex\raps1-05.bak
[2012.01.28 18:39:36 | 000,102,458 | ---- | C] () -- C:\Users\Alex\raps1-04.bak
[2012.01.28 18:39:36 | 000,086,357 | ---- | C] () -- C:\Users\Alex\raps1-06.bak
[2012.01.28 18:39:36 | 000,086,337 | ---- | C] () -- C:\Users\Alex\raps1-07.bak
[2012.01.28 18:39:36 | 000,083,927 | ---- | C] () -- C:\Users\Alex\raps1-08.bak
[2012.01.28 18:39:36 | 000,066,264 | ---- | C] () -- C:\Users\Alex\raps1-09.bak
[2012.01.28 18:39:36 | 000,061,662 | ---- | C] () -- C:\Users\Alex\raps1-10.bak
[2012.01.28 18:16:08 | 000,110,781 | ---- | C] () -- C:\Users\Alex\raps.bak
[2012.01.28 18:16:08 | 000,094,408 | ---- | C] () -- C:\Users\Alex\raps-02.bak
[2012.01.25 22:02:50 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.01.25 22:02:17 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.01.25 22:02:14 | 000,840,264 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.01.14 20:08:22 | 000,000,000 | ---- | C] () -- C:\Users\Alex\DSplit.exe
[2012.01.13 02:44:47 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.10.30 22:18:02 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.07.07 21:06:22 | 000,245,496 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.07.07 21:06:22 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.06.03 19:52:50 | 000,138,056 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\PnkBstrK.sys
[2011.06.03 19:52:17 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011.06.03 19:52:17 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.05.14 15:10:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.09 19:23:18 | 000,009,548 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.05.07 01:53:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.07 01:52:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.07 00:08:03 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin

========== ZeroAccess Check ==========

[2011.12.16 15:00:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\LocalLow\Microsoft\Silverlight\is\uxgsy2rf.w4w\h1203iqf.5o5\1\l
[2012.04.06 22:02:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZEZQGG7K\cdn1.e5.mydirtyhobby.com\u
[2012.05.22 22:22:03 | 000,000,082 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZEZQGG7K\t.cxt.ms\lso.swf\u.sol
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012.04.16 01:09:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ableton
[2011.05.09 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acronis
[2011.09.13 14:53:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bandoo
[2012.01.20 02:17:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BitTorrent
[2011.09.13 15:59:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
[2012.09.08 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2011.09.25 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2011.05.12 15:37:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2011.06.21 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenCandy
[2012.01.09 17:10:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2012.09.02 18:49:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Origin
[2012.01.20 02:43:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\sim
[2011.08.21 18:37:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Steinberg
[2011.10.04 04:03:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TS3Client
[2011.06.21 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Uniblue
[2012.01.25 23:32:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Wireshark
[2011.12.22 05:27:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\XBMC

========== Purity Check ==========

< End of report >

Extras.Txt
OTL Logfile:
Code:
OTL Extras logfile created on: 22.09.2012 19:58:31 - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Alex\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,71% Memory free
4,00 Gb Paging File | 1,91 Gb Available in Paging File | 47,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 43,54 Gb Free Space | 29,75% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 256,07 Gb Free Space | 80,20% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA47925-7AAF-40A8-A07C-15CD6AB56EB5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{13711291-381B-4ABA-8EA2-F3A68E81C35C}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C5F6E65-0F23-4CED-B859-32AAA2D08743}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1CFE9BE8-741B-4DB6-95A4-2447F23D34CA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{20844349-73A8-4A29-8332-472D224CB05C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{30A54F32-B01C-4240-9439-712733909CFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55C2310F-0608-40F0-B4D6-808ECB2AC61C}" = rport=445 | protocol=6 | dir=out | app=system |
"{5C68F965-A774-4F32-BBA9-D578E700B0BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6E8757F1-374D-4542-85B7-4FDE32FEA880}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F9CE69C-0B22-43A6-8DAF-63B46868B50E}" = lport=445 | protocol=6 | dir=in | app=system |
"{705B24DC-C058-42D6-A9BC-1EFCE9B6B186}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{767ABBBF-4C7C-4B59-B382-B602F68F5563}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7759430D-5129-4C6B-AF0C-B33F3DE06AD4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8414F17F-8768-4DB5-99E8-E853DCD88433}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98266EEE-2B19-4D4C-9B84-F6E733D8EA6C}" = lport=138 | protocol=17 | dir=in | app=system |
"{AFADF97D-1F84-41A0-9815-8F1C20E9DC29}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C996BEB5-EE8C-4B6B-8EAE-63762A5D7C9D}" = rport=138 | protocol=17 | dir=out | app=system |
"{DE98F5BD-F2DB-4B11-9211-B2C41DA39F43}" = lport=139 | protocol=6 | dir=in | app=system |
"{E06807C9-986A-4428-AC44-09B57B018C5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3B156C1-9150-4CE3-A7D4-6233D945BE97}" = rport=137 | protocol=17 | dir=out | app=system |
"{E62A7B3C-FA6C-43D6-921A-143C26025620}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB773B9B-8802-4E43-9C03-3DD9434CA279}" = lport=137 | protocol=17 | dir=in | app=system |
"{F8AEDEBF-B543-480F-9FA7-0CFD8B8A242C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01830D6C-459A-48EB-9697-8DABC894C6CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{0AF4FE2B-AB65-4C27-9046-5AD42A937338}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{0EC162CF-FFDF-440D-991E-B0820DC775C9}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{0FAD47BE-BD34-4F39-833C-3875FB118287}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{10872C4C-775D-4C8E-A9F1-55047316E186}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{19C1B1F7-3230-47C9-8CFA-5F1E4570EED7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{1B21F455-0B12-4288-90A7-16C18B59802F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23494EBA-5C99-4DCB-9008-730FAD5023BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{24CA2252-DA80-40B8-8283-1686F2E86874}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{25029BA9-4836-463C-8DA7-A7BC6BCF5BC5}" = protocol=6 | dir=out | app=system |
"{2FC17FEA-0CE3-4C6D-9D52-09501FEFD32E}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{332E3289-F58D-499C-A2FE-2049D7E7F087}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{365E5D84-45FE-4386-A0C7-D5BD512D71FB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{37CA3CF8-A163-4AA6-85A2-C15F7E1A5F87}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{3F00DDAC-D8BC-488B-9F8C-3CFF74803005}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43639F16-A571-4F7D-A499-995C50276D94}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{4583CD09-6795-410B-A079-2802A22440C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{47FE3E50-C22A-4DF9-915B-E61E75635AAD}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{499E970E-3840-40E8-A9CD-1B0E4A8A6825}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4EC72229-14F5-4FE4-8527-E843D7F6FEB3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4FF73CF4-EA7E-4B54-8DAF-30AD5DB2C96A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52ED8096-F1F8-433C-A3AD-6895C7B03CEA}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{56F6AAD3-6CD9-44F4-A697-66FC4962EE7B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{594F3999-0917-48A5-82D4-3A5B2468B78A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5986FA2D-D035-4757-94C1-4730CB056CAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{5DBA44B1-2C3E-48B6-A156-24DB47C279BF}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{5DF866AC-FF78-4146-B7A2-5AE08C1DBC31}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{61308B46-EAD7-4CE9-9053-304D787D85D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6436AE50-E189-431B-A3D8-D114EFBC38FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67432FF3-273E-4A8A-A1EB-E8C2E1FF193B}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{67B685E7-7D40-4F00-9472-1DBC6C0ED545}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{74180B67-EEFC-4D39-BB96-FBF2132AFE5F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{741F24E1-9AEA-48E5-8CE6-36F5EB0E9282}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{74C9A914-6D5E-48AE-B3A2-E1E58744E21F}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{76352FBC-9576-4BA3-A827-141A2EA4D047}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{7DED304D-5024-4605-B1F8-6D69D600A97C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{7EAC48EF-F03E-4F07-AE63-68D91F2571A7}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{8150707E-63B9-4BB8-B1D8-EC5530F8CBE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{8181740F-8106-49AB-ACDE-D1AF46A57A63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{873C40AC-28E1-43CD-8631-D1DD58C9126F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{88435DF1-326D-4ADB-940F-8F73914FE51C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{8AAA3822-8EB6-4B5C-9364-816309850805}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8B5B2ACA-1C65-4842-8BFD-18B91A571515}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F14A1B4-DE86-49C0-85DD-FA8BD59ED6EE}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{93FDAE93-123D-457B-B404-BCD1DEBC6FE6}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{948FFEA2-44AE-4D3F-B195-EA873D985763}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9C0F10D9-9FC4-43B6-9BCB-01C5D937550E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{9F83B2A9-4479-4143-9DBC-05D711315B78}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{A10F8521-8733-4062-BDEC-19E652AA3C3A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{A1BAEB51-7A18-4503-9EBA-0AFDE20FCCE9}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{A32D6A6F-F6CB-4ABF-8CAB-C04D49692EE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{A8E07672-7602-4608-A02C-11414A3EDA5F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ABFE58AC-9776-4F61-9C7D-1A4F42CDD38C}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{BA134585-C61B-40AF-A919-72E9D81F07E6}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{BB5615DB-DFB6-4463-B377-9ACC2293E9BF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{BBFC69C5-E1E5-46CC-9396-E4DFF52A4110}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C01A7FDD-E9C0-4AF3-814D-86E7A256EBD6}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{C05143AE-906C-480D-A993-2FAB4F30EFF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB74CA3E-6D1B-4709-9AA6-72984983B425}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CC141D20-49DE-4821-A3A4-6407907352E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{CDAA54C8-6774-4EBE-8CE6-ACCCB915A2B9}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{D42601F3-C3EC-4095-B29E-1BA20A08590D}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{D6FF7771-0AA1-4661-BC09-6D51324CD088}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{D8580F97-252C-4C58-898A-AF67AA35B272}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{D8763C6F-F39B-46CE-B152-47FDA1076C2F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{E04445AF-F71F-483D-BCB5-203CFD3AAB41}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E4EA39E3-5382-445C-82EC-7059618BBD3E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E9EDE559-BD7B-4652-B767-5FC24A3C5C61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{EA78F398-2B0F-4519-B6AC-D4BBB9CBB2A8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EB6119C9-9254-4647-8B3B-74F8ADE25E5E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{EB8E0570-4347-4814-94B4-6F6DD70FF8CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{EBD90776-9855-45B1-A1C8-B258762DD1AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{ECB13C71-7B4A-4B02-95FE-7DB017CF7BE3}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{EEA28028-9C89-4B85-B539-CC898635DF2E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F093332A-23D4-40F2-9885-D983C6C7446B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{F173B982-4CDF-4783-8E58-ECDBB597462D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F2D67474-B819-4E0A-A6D3-C94D8BF8B566}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{F6C1A307-CFC8-404D-AD8B-F687820E0BD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F85770A8-2C93-4C6A-832E-0A86875E9B74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{057F5995-DBBB-4279-8BFD-37FB81767A62}C:\users\alex\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{1826EE6A-3424-4C36-B2DA-84D3C3FBB5F8}C:\users\alex\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{44BDF6E8-0D0D-4BCF-917E-2085EB4ED374}C:\program files\sim\sim.exe" = protocol=6 | dir=in | app=c:\program files\sim\sim.exe |
"TCP Query User{52C06594-F42C-4568-9CF6-784403D06D54}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{841EE2BE-F75B-4F9F-93D4-DCE7616A332D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{8A153B90-098C-4D37-BB6C-6774E4BC8360}D:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"TCP Query User{972CC192-3FD0-48AC-98F4-A942727D15D5}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{9CDCEA85-8646-4A50-AAA2-9344971687C2}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{B2A97A88-04BB-491F-8D41-582386211627}C:\program files\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"TCP Query User{CD0B4B8E-E084-47CA-B1D4-C521E065E85E}C:\users\alex\desktop\bittorrent-7.2build_25273.exe" = protocol=6 | dir=in | app=c:\users\alex\desktop\bittorrent-7.2build_25273.exe |
"TCP Query User{F5C0B5D3-923D-4CB8-B094-2CEE6A168669}C:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"UDP Query User{004726A5-84BF-4F94-BAE9-410E0933E0E3}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{0395275A-59F9-43E7-92D5-5A4AF51189F3}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query
User{5425E9DE-6CE2-43B4-9AB6-7BA2EF8FB0FF}C:\program files\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "UDP Query User{64A3728D-486D-4AE5-8E61-F5B6FA8E9F11}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{7CF1E112-1CCC-448E-8DE4-DFE5C55518E1}C:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "UDP Query User{9C674537-4FEB-44D4-898C-BD3632E3B6E9}C:\program files\sim\sim.exe" = protocol=17 | dir=in | app=c:\program files\sim\sim.exe | "UDP Query User{A2BFB204-AB32-4968-99CF-1EA63D4CDF05}D:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "UDP Query User{EB01B4FD-EC9B-4228-B0D4-4B38643C953F}C:\users\alex\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\mediaget2\mediaget.exe | "UDP Query User{F489D701-A95B-4CF4-A512-297BC31EA52B}C:\users\alex\desktop\bittorrent-7.2build_25273.exe" = protocol=17 | dir=in | app=c:\users\alex\desktop\bittorrent-7.2build_25273.exe | "UDP Query User{F97D58C9-D01D-49E0-858A-DE19AAF20224}C:\users\alex\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\mediaget2\mediaget.exe | "UDP Query User{FD857550-5553-45AF-9F96-E40ADA39DEF2}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{040FF9BD-17BE-427B-85DD-67694FB8F786}" = Badoo Desktop "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam 
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{35AA3D58-7EF4-4DCD-BEA7-18A6CCFC1AD9}" = JUNO-Di Editor "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5 "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport 
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel "{5B96BF29-1CC0-42FB-AB2C-1E12E3226E7A}" = Bing Bar "{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack "{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}" = Snagit 10.0.2 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A037DE27-45D9-455F-B8E0-D33690E45DF9}" = Windows Live MIME IFilter "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie "{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CC452A50-5C87-4A1F-B295-445C3C69BF7D}" = NVIDIA MediaShield "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder "{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update "AccessDiver v4.402_is1" = AccessDiver v4.402 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "AVMWLANCLI" = AVM FRITZ!WLAN "Bandoo" = Bandoo "Battlelog Web Plugins" = Battlelog Web Plugins "Debut" = Debut Video Capture Software "DivX Setup" = DivX-Setup "DMX5_is1" = DriverMax 5 "ESN Sonar-0.70.0" = ESN Sonar "ESN Sonar-0.70.4" = ESN Sonar "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "iLivid" = iLivid "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "Live 8.2.1" = Live 8.2.1 "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PartyPoker" = PartyPoker "PHP Editor_is1" = PHP Editor 2.22 "PokerStars" = PokerStars "Prism" = Prism Video File Converter "PunkBusterSvc" = PunkBuster Services "RocketDock_is1" = RocketDock 1.3.5 "Searchqu 406 MediaBar" = Windows iLivid Toolbar "Shop for HP Supplies" = Shop for HP Supplies "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 7940" = Call of Duty 4: Modern Warfare "TeamSpeak 3 Client" = TeamSpeak 3 Client "VideoPad" = VideoPad Video Editor "WebCracker 4.0" = WebCracker 4.0 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "Wireshark" = Wireshark 1.6.5 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Winamp Detect" = Winamp Erkennungs-Plug-in "XBMC" = XBMC "Yahoo! BrowserPlus" = Yahoo! 
BrowserPlus 2.9.8 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.04.2012 19:38:33 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative solutions\drivermax\DPInst\ia64\dpinst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.04.2012 13:03:29 | Computer Name = Alex-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel: 0x4f6d0e10 Name des fehlerhaften Moduls: bf3.exe, Version: 1.0.0.0, Zeitstempel: 0x4f6d0e10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00682ae0 ID des fehlerhaften Prozesses: 0x175c Startzeit der fehlerhaften Anwendung: 0x01cd12849a1dc630 Pfad der fehlerhaften Anwendung: C:\Program Files\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: C:\Program Files\Origin Games\Battlefield 3\bf3.exe Berichtskennung: 19a0c740-7e78-11e1-a54a-001f3f04e995 Error - 06.04.2012 13:58:48 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative solutions\drivermax\DPInst\amd64\dpinst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.04.2012 13:58:48 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative solutions\drivermax\DPInst\ia64\dpinst.exe". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.04.2012 10:01:13 | Computer Name = Alex-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel: 0x4f6d0e10 Name des fehlerhaften Moduls: bf3.exe, Version: 1.0.0.0, Zeitstempel: 0x4f6d0e10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002b2190 ID des fehlerhaften Prozesses: 0xa08 Startzeit der fehlerhaften Anwendung: 0x01cd14c4ad0e2f90 Pfad der fehlerhaften Anwendung: C:\Program Files\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: C:\Program Files\Origin Games\Battlefield 3\bf3.exe Berichtskennung: 2228a150-80ba-11e1-9acc-001f3f04e995 Error - 08.04.2012 13:20:59 | Computer Name = Alex-PC | Source = Application Hang | ID = 1002 Description = Programm nvcplui.exe, Version 4.3.790.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1484 Startzeit: 01cd15a35fe78790 Endzeit: 70 Anwendungspfad: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Berichts-ID: 280f0e21-819f-11e1-9718-001f3f04e995 Error - 12.04.2012 11:34:06 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative solutions\drivermax\DPInst\amd64\dpinst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 12.04.2012 11:34:06 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative solutions\drivermax\DPInst\ia64\dpinst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.04.2012 08:52:50 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative solutions\drivermax\DPInst\amd64\dpinst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.04.2012 08:52:50 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative solutions\drivermax\DPInst\ia64\dpinst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.04.2012 20:37:32 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative solutions\drivermax\DPInst\amd64\dpinst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.04.2012 20:37:32 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\innovative solutions\drivermax\DPInst\ia64\dpinst.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 22.09.2012 06:09:44 | Computer Name = ALEX-PC | Source = BugCheck | ID = 1001 Description = Error - 22.09.2012 06:10:27 | Computer Name = Alex-PC | Source = DCOM | ID = 10010 Description = Error - 22.09.2012 06:11:51 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 22.09.2012 06:11:51 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 22.09.2012 06:21:35 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error - 22.09.2012 06:24:37 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 22.09.2012 06:24:37 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069
Error - 22.09.2012 06:39:21 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error - 22.09.2012 06:39:21 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069
Error - 22.09.2012 07:03:21 | Computer Name = Alex-PC | Source = FWLANUSB | ID = 5002 Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters wurde ermittelt.
< End of report >

Defogger: "Defogger is a tool to disable CD Emulator Drivers that interfere with Anti-Rootkit programs and other Anti-Malware tools. If you are using this in conjunction with assistance from a Malware Removal professional, please wait until they have finished assisting you before clicking "Re-enable"."

No error message appeared. So can I click the button?

Here are the GMER results as well:

GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover Rootkit scan 2012-09-22 20:49:13 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000064 ST350041 rev.CV15 Running: 5r1o74i7.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAB09B008] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0xAB04ECAE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0xAB04EFF6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0xAB04F43C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0xAB037712] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0xAB04E988] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0xAB037C8A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0xAB037B70] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0xAB04EE5A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0xAB09DE72] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAB037DAA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0xAB09D30A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0xAB09D54A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0xAB09CFAE] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAB04EF28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAB09CE54]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAB037756]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0xAB09B14A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0xAB09ADB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAB09DC6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAB04D118]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0xAB037D20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0xAB037C00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0xAB09C9FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0xAB09E11E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAB037E40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0xAB09D066]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0xAB037ECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0xAB04D326]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0xAB09DB20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0xAB04F220]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAB04F0AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePortEx [0xAB04F164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAB04F290]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0xAB09D84C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAB04EB16]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0xAB09D9A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0xAB037F6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAB09AEBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0xAB09CB9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0xAB09D6F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAB037F7E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0xAB09CCFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0xAB09D206]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAB09E286]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAB09DFB0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E823C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBBD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82EC2D8C 4 Bytes [08, B0, 09, AB]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82EC2DB4 8 Bytes [AE, EC, 04, AB, F6, EF, 04, ...] {SCASB ; IN AL, DX ; ADD AL, 0xab; IMUL BH; ADD AL, 0xab}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82EC2DF8 4 Bytes [3C, F4, 04, AB] {CMP AL, 0xf4; ADD AL, 0xab}
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82EC2E24 4 Bytes [12, 77, 03, AB] {ADC DH, [EDI+0x3]; STOSD }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82EC2E48 4 Bytes JMP E088D951
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744024CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743E562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743E56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74402546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743F85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743F4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743F5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743F51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743F6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743F8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743F8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743F90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743FE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4040] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743F4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
AttachedDevice tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys (Network filtering component/Kaspersky Lab)

---- EOF - GMER 1.0.15 ----

Last edited by roocky (22.09.2012, 19:19)