Trojaner-Board

u-gin 21.12.2010 20:40

After a malware attack, some programs can no longer be updated
 
Hello!
I have the following problem:
a few days ago my computer was infected with malware; I solved that problem with "Malwarebytes Anti-Malware".
Now I have noticed that some programs can no longer be updated (Avira, EA Download Manager, Adobe Flash Player, etc.);
error messages such as "connection to the server failed" keep appearing.
(That might still be normal if the servers were overloaded, but not with so many programs.)
There are no problems with Firefox and Thunderbird (they can also be updated).

I use Windows Vista Home Premium (32-bit, SP2).

Thanks in advance!
Regards
U-GIN

rea 21.12.2010 21:29

Hello u-gin and welcome to TB,

how about showing us the logs from Malwarebytes? :)

Start Malwarebytes -> "Logs" tab -> post each log from the list separately in code tags

In addition, please create log files with OTL and Gmer as well; then we will see whether malware that may still be present is to blame for your problem after all:




A few notes first (please observe them!):

  • Read my instructions for you carefully before you begin. Be sure to carry out all steps in order, because sometimes one step depends on another.
  • If anything is unclear to you during the cleanup, please ask in your thread before you continue - there are no stupid questions.
  • Download all programs prescribed here only via the respective links! If a link does not work, please let us know.
  • Do not install any other programs during the cleanup, apart from those we prescribe for the cleanup.
  • Report for each step whether you have completed it, and whether and which problems occurred.
  • If problems come up while working through the instructions, please do not continue for now; stop and describe the problem here in the thread.
  • Edit all personal data, such as full names of real and private persons, out of the requested log files before you post them.
  • And if a reply is going to take longer, I'd appreciate a heads-up too :)



I'll do my best to find everything that doesn't belong on your system, but I have to point out that formatting and reinstalling is in most cases the fastest and safest way to get a clean system. If you would still like to clean it, here are the instructions:





1.) System scan with OTL
Please download OTL by OldTimer and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.




2.) Gmer - rootkit scan
What are rootkits?

Important: for every rootkit scan:
  • First, following these instructions, disable any CD emulators such as Alcohol, Daemon Tools or similar.
  • All other programs against viruses, spyware, etc. must be disabled,
  • there must be no connection to a network/the Internet (don't forget Wi-Fi),
  • nothing should be done on the computer,
  • the computer should be restarted after every scan.
  • Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (it has a random program name).
  • Vista users: right-click and start as administrator.
  • Gmer automatically starts a first scan.
  • If a window with the following warning opens:
    Code:

    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?

  • Be sure to click "No";
    in that case, use the Save button to save the result so far to the desktop as gmer_first.log.

  • If that was not the case, now select the "Rootkit/Malware" tab,
  • Tick: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
  • Important: "Show all" must not be ticked!
  • Start the scan by pressing the "Scan" button.
    Do nothing on the computer while the scan is running (what is currently being scanned is shown at the bottom left).
  • When the scan has finished, that line stays empty.
    Click "Save" and save the log file as gmer.log to the desktop.
    "Ok" closes Gmer.
Switch the antivirus program and other scanners back on before you go online!

Now post the log file in code tags.

u-gin 21.12.2010 22:55

Malwarebytes' Anti-Malware 1.50
Malwarebytes

Datenbank Version: 5282

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10.12.2010 00:14:30
mbam-log-2010-12-10 (00-14-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 248507
Laufzeit: 55 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\Users\eugen\AppData\Local\Temp\igwqnkmplw.exe (Rogue.HDDSCan) -> 2916 -> Unloaded process successfully.
c:\Users\eugen\AppData\Local\Temp\1093457.exe (Rogue.HDDScan) -> 3804 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\eugen\AppData\Local\Temp\qvgbqcmsas.dll (Rogue.HDDScan) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IGwqNKmplw.exe (Rogue.HDDSCan) -> Value: IGwqNKmplw.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1093457 (Rogue.HDDScan) -> Value: 1093457 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\eugen\AppData\Roaming\microsoft\Windows\start menu\Programs\ultra defragger (Rogue.UltraDefragger) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\eugen\AppData\Local\Temp\qvgbqcmsas.dll (Rogue.HDDScan) -> Delete on reboot.
c:\Users\eugen\AppData\Local\Temp\igwqnkmplw.exe (Rogue.HDDSCan) -> Quarantined and deleted successfully.
c:\Users\eugen\AppData\Local\Temp\1093457.exe (Rogue.HDDScan) -> Delete on reboot.
c:\Users\eugen\AppData\Local\Temp\tmp9FD8.tmp (Rogue.HDDSCan) -> Quarantined and deleted successfully.
c:\Users\eugen\AppData\Local\Temp\0.11278017058312184.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\eugen\AppData\Roaming\microsoft\Windows\start menu\Programs\ultra defragger\ultra defragger.lnk (Rogue.UltraDefragger) -> Quarantined and deleted successfully.
c:\Users\eugen\AppData\Roaming\microsoft\Windows\start menu\Programs\ultra defragger\uninstall ultra defragger.lnk (Rogue.UltraDefragger) -> Quarantined and deleted successfully.


That was the last one.

rea 22.12.2010 06:24

Okay, then OTL and Gmer are still missing.

u-gin 22.12.2010 19:29

OK, here is OTL.

OTL Logfile:
Code:

OTL logfile created on: 22.12.2010 19:18:20 - Run 2
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,22 Gb Free Space | 30,15% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 15,52 Gb Free Space | 34,71% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.10 00:26:25 | 012,584,112 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.11.22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009.10.14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2009.10.14 14:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.02.01 19:31:42 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010.02.01 19:31:42 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2009.10.14 14:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.10.14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.22 15:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.10.14 14:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.02.16 21:13:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.11 17:04:16 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.21 19:42:31 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml
[2010.12.19 02:48:34 | 000,001,056 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\icqplugin.xml
[2010.12.08 00:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 19:10:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.22 18:50:29 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 18:48:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 18:48:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 18:48:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 18:48:46 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 00:17:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.21 19:09:31 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.19 16:22:17 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.19 16:22:17 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.19 16:22:17 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.19 16:22:17 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 22:00:55 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:19:45 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:22 | 000,001,356 | ---- | M] () -- C:\Users\eugen\AppData\Local\d3d9caps.dat
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.20 19:59:12 | 000,001,356 | ---- | C] () -- C:\Users\eugen\AppData\Local\d3d9caps.dat
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2010.12.21 20:46:00 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2010.12.22 00:17:12 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 22.12.2010 19:18:20 - Run 2
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,22 Gb Free Space | 30,15% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 15,52 Gb Free Space | 34,71% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system |
"{12BA91D1-2014-42E8-A143-2BBDAAB28FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60B812F6-1288-4812-8090-B47CE0C7B32C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{69B4A7F7-3F6F-460E-8BB4-C0BA0031A9DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{714915FD-BC7C-422E-AB41-9A839652D705}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77CAA091-55E8-47CE-9E54-5EA7D8BFF448}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{842BB2BD-A78A-4564-AA6F-C94DA0AEDC0E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8A7629E3-78BA-4802-94BA-4B759DE10642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EF3C954-E937-448E-B898-E305B137CBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0C5B489-77A5-4403-A6A8-B9EDFB4643D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1062A3F-5019-4111-AFD1-9D20B7DD0A61}" = lport=3390 | protocol=6 | dir=in | app=system |
"{ABC32864-3591-4796-AA67-F6EB3AAF4D00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B58339CD-94E2-41DF-A24D-FAAEF46FCBF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C33C92CA-36F6-4E7A-BFA8-638036FD890D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0168644-59E7-46D0-8CB2-96B00F11ADC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2325BBC-FA5C-417A-85E3-5B0A0DD99663}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D56CC344-E531-4139-9B9B-F0C01F3CA409}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D7785132-E819-4678-ABD8-56C038CCA7A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD673716-38C0-4FBB-9866-C9872770D5A2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DEA9904B-594F-4EEE-988C-D19697A864B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EFE2DE28-8E6D-42F3-9344-A54D20347093}" = lport=10244 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115AE-CD47-458A-BB62-8823D08D9851}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{049832E6-1800-471A-AF5F-6C845821BCB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1E666313-E3D4-4715-ADAD-447A2E20C0C6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3FB40E5F-61FB-4056-B93F-01B54BFC55B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{44B1256A-9EF9-47F0-87DF-2EF96970CAC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4C3D3814-CB74-4B85-B6B1-5777FE9C7B31}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{50DCCF9B-0A21-4BCC-82E2-6035E25CFBEF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5A125478-81B6-4C90-9CE5-E61DC3DACA24}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8B5756D2-938E-4B67-9CAF-E7E2CA7B4039}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{93F76A8F-BB4D-4CD3-907B-F96774709707}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{980C0DB2-0243-47C7-B126-8551C110F256}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{A64935B9-06C3-4627-92EC-CE89ED7B4E76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{C9AD2570-C4BA-46C0-9332-F6A85FCFD20B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CD33CC15-F9A0-426F-ACF0-5F0704F73254}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CED46412-83AF-4B53-959F-F735BAB00E1B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D0263A35-9753-4735-AA3D-43C64835B329}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DC6EF64C-7E1E-4F85-93C1-4EB1224BBC0C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E7D9546A-207D-40A8-8429-C1C273B4E50E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EB8F8B06-4C63-4543-A04A-F789C91E2B20}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F22A2463-3668-421B-9FA2-720CCE60D45B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FEE3C238-FDAB-4150-85DB-66BDA293DABA}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Filzip 3.0.6.93_is1" = Filzip 3.06
"ICQToolbar" = ICQ Toolbar
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Winload Toolbar" = Winload Toolbar
"Zattoo4" = Zattoo4 4.0.5
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2010 06:48:33 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 06:48:33 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 06:48:33 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 08:51:08 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 08:51:08 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 08:51:08 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 08:51:08 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 08:51:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 08:51:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 08:51:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 23.05.2010 10:49:45 | Computer Name = eugen-PC | Source = Mcx2Dvcs | ID = 401
Description =
 
Error - 02.06.2010 15:33:18 | Computer Name = eugen-PC | Source = McrMgr | ID = 107
Description =
 
[ System Events ]
Error - 20.12.2010 14:22:53 | Computer Name = eugen-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.32  registriert werden. Der Computer mit IP-Adresse 192.168.2.33
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 20.12.2010 14:23:32 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 20.12.2010 14:23:32 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.12.2010 14:08:26 | Computer Name = eugen-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.32  registriert werden. Der Computer mit IP-Adresse 192.168.2.33
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 21.12.2010 14:09:08 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 21.12.2010 14:09:08 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 22.12.2010 13:49:28 | Computer Name = eugen-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.32 für die Netzwerkkarte mit der Netzwerkadresse
 0015AF378B94 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 22.12.2010 13:49:45 | Computer Name = eugen-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.34  registriert werden. Der Computer mit IP-Adresse 192.168.2.32
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 22.12.2010 13:50:17 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 22.12.2010 13:50:17 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---


The other one is coming shortly.

u-gin 22.12.2010 20:15

GMER Logfile:
Code:

GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-22 20:12:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542512K9SA00 rev.BB2OC31P
Running: 5lvc84qm.exe; Driver: C:\Users\eugen\AppData\Local\Temp\pwlcapow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwAlpcConnectPort [0x8F0D20A2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwAlpcCreatePort [0x8F0D2972]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwConnectPort [0x8F0D1AF8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwCreateFile [0x8F0CB0D8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwCreateKey [0x8F0E9AA6]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwCreatePort [0x8F0D2602]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwCreateWaitablePort [0x8F0D2760]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwDeleteFile [0x8F0CBF9A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwDeleteKey [0x8F0EB4BC]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwDeleteValueKey [0x8F0EADB2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwLoadKey [0x8F0EBE86]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwLoadKey2 [0x8F0EC0C4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwLoadKeyEx [0x8F0EC576]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwOpenFile [0x8F0CBA8C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwRenameKey [0x8F0ED30C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwReplaceKey [0x8F0EC840]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwRequestWaitReplyPort [0x8F0D1690]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwRestoreKey [0x8F0ECF4C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwSetInformationFile [0x8F0CC3A4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwSetSecurityObject [0x8F0ED894]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwSetValueKey [0x8F0EA4D6]

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 13D                                                                                                      824BD8A0 8 Bytes  [A2, 20, 0D, 8F, 72, 29, 0D, ...]
.text          ntkrnlpa.exe!KeSetEvent + 1C1                                                                                                      824BD924 4 Bytes  [F8, 1A, 0D, 8F]
.text          ntkrnlpa.exe!KeSetEvent + 1D9                                                                                                      824BD93C 4 Bytes  [D8, B0, 0C, 8F]
.text          ntkrnlpa.exe!KeSetEvent + 1E9                                                                                                      824BD94C 4 Bytes  [A6, 9A, 0E, 8F]
.text          ntkrnlpa.exe!KeSetEvent + 205                                                                                                      824BD968 4 Bytes  [02, 26, 0D, 8F]
.text          ...                                                                                                                               
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                                            section is writeable [0x9CB1E300, 0x3ACC8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                            section is writeable [0x9CB64300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtAccessCheckByType                                                              77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtAlpcImpersonateClientOfPort                                                    77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtImpersonateClientOfPort                                                        779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtSetInformationProcess                                                          77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] kernel32.dll!OpenProcess                                                                  77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] USER32.dll!FindWindowA                                                                    76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] USER32.dll!FindWindowW                                                                    766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ADVAPI32.dll!ImpersonateNamedPipeClient                                                    77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ADVAPI32.dll!SetThreadToken                                                                77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ntdll.dll!NtAccessCheckByType                                                                  77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ntdll.dll!NtAlpcImpersonateClientOfPort                                                        77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ntdll.dll!NtImpersonateClientOfPort                                                            779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ntdll.dll!NtSetInformationProcess                                                              77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient                                                        77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ADVAPI32.dll!SetThreadToken                                                                    77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] USER32.dll!FindWindowA                                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] USER32.dll!FindWindowW                                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ntdll.dll!NtAccessCheckByType                                                                    77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ntdll.dll!NtAlpcImpersonateClientOfPort                                                          77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ntdll.dll!NtImpersonateClientOfPort                                                              779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ntdll.dll!NtSetInformationProcess                                                                77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] kernel32.dll!OpenProcess                                                                          77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!ImpersonateNamedPipeClient                                                          77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!SetThreadToken                                                                      77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] USER32.dll!FindWindowA                                                                            76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] USER32.dll!FindWindowW                                                                            766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!LdrLoadDll                                                            77959390 5 Bytes  JMP 013A13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtAccessCheckByType                                                    77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtAlpcImpersonateClientOfPort                                          77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtImpersonateClientOfPort                                              779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtSetInformationProcess                                                77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] kernel32.dll!SetUnhandledExceptionFilter                                        77ADA84F 5 Bytes  JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] kernel32.dll!OpenProcess                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ADVAPI32.dll!ImpersonateNamedPipeClient                                          77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ADVAPI32.dll!SetThreadToken                                                      77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!closesocket                                                          761A330C 5 Bytes  JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!recv                                                                  761A343A 5 Bytes  JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASend                                                              761A4496 5 Bytes  JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!send                                                                  761A659B 5 Bytes  JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!sendto                                                                761A67C5 5 Bytes  JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSARecv                                                              761A8400 5 Bytes  JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASendDisconnect                                                    761BA3E9 5 Bytes  JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASendTo                                                            761BA474 5 Bytes  JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!IsWindowUnicode + 37                                                  766990B5 5 Bytes  JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!FindWindowA                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!FindWindowW                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtAccessCheckByType                                                                    77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtAlpcImpersonateClientOfPort                                                          77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtImpersonateClientOfPort                                                              779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtSetInformationProcess                                                                77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] kernel32.dll!OpenProcess                                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ADVAPI32.dll!ImpersonateNamedPipeClient                                                          77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ADVAPI32.dll!SetThreadToken                                                                      77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] USER32.dll!FindWindowA                                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] USER32.dll!FindWindowW                                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtAccessCheckByType                                                              77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtAlpcImpersonateClientOfPort                                                    77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtImpersonateClientOfPort                                                        779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtSetInformationProcess                                                          77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ADVAPI32.dll!ImpersonateNamedPipeClient                                                    77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ADVAPI32.dll!SetThreadToken                                                                77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtAccessCheckByType                                                  77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtAlpcImpersonateClientOfPort                                        77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtImpersonateClientOfPort                                            779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtSetInformationProcess                                              77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] kernel32.dll!OpenProcess                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] USER32.dll!FindWindowA                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] USER32.dll!FindWindowW                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ADVAPI32.dll!ImpersonateNamedPipeClient                                        77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ADVAPI32.dll!SetThreadToken                                                    77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtAccessCheckByType                                                  77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtAlpcImpersonateClientOfPort                                        77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtImpersonateClientOfPort                                            779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtSetInformationProcess                                              77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] kernel32.dll!OpenProcess                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] USER32.dll!FindWindowA                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] USER32.dll!FindWindowW                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ADVAPI32.dll!ImpersonateNamedPipeClient                                        77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ADVAPI32.dll!SetThreadToken                                                    77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtAccessCheckByType                                  77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtAlpcImpersonateClientOfPort                        77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtImpersonateClientOfPort                            779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtSetInformationProcess                              77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] kernel32.dll!OpenProcess                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] USER32.dll!FindWindowA                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] USER32.dll!FindWindowW                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ADVAPI32.dll!ImpersonateNamedPipeClient                        77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ADVAPI32.dll!SetThreadToken                                    77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtAccessCheckByType                                                      77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtAlpcImpersonateClientOfPort                                            77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtImpersonateClientOfPort                                                779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtSetInformationProcess                                                  77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] kernel32.dll!OpenProcess                                                            77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ADVAPI32.dll!ImpersonateNamedPipeClient                                            77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ADVAPI32.dll!SetThreadToken                                                        77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] USER32.dll!FindWindowA                                                              76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] USER32.dll!FindWindowW                                                              766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtAccessCheckByType                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtAlpcImpersonateClientOfPort                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtImpersonateClientOfPort                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtSetInformationProcess                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ADVAPI32.dll!ImpersonateNamedPipeClient                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ADVAPI32.dll!SetThreadToken                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1880] kernel32.dll!OpenProcess                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1880] USER32.dll!IsWindowUnicode + 37                                          766990B5 5 Bytes  JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtAccessCheckByType                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtAlpcImpersonateClientOfPort                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtImpersonateClientOfPort                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtSetInformationProcess                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] kernel32.dll!OpenProcess                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ADVAPI32.dll!ImpersonateNamedPipeClient                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ADVAPI32.dll!SetThreadToken                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] USER32.dll!FindWindowA                                                  76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] USER32.dll!FindWindowW                                                  766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtAccessCheckByType                                            77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtAlpcImpersonateClientOfPort                                  77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtImpersonateClientOfPort                                      779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtSetInformationProcess                                        77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] kernel32.dll!OpenProcess                                                  77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ADVAPI32.dll!ImpersonateNamedPipeClient                                  77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ADVAPI32.dll!SetThreadToken                                              77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!FindWindowA                                                    76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!FindWindowW                                                    766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtAccessCheckByType                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtAlpcImpersonateClientOfPort                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtImpersonateClientOfPort                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtSetInformationProcess                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ADVAPI32.dll!ImpersonateNamedPipeClient                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ADVAPI32.dll!SetThreadToken                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] kernel32.dll!OpenProcess                                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] USER32.dll!FindWindowA                                                                  76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] USER32.dll!FindWindowW                                                                  766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtAccessCheckByType                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtAlpcImpersonateClientOfPort                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtImpersonateClientOfPort                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtSetInformationProcess                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] kernel32.dll!OpenProcess                                                            77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] USER32.dll!FindWindowA                                                              76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] USER32.dll!FindWindowW                                                              766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ADVAPI32.dll!ImpersonateNamedPipeClient                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ADVAPI32.dll!SetThreadToken                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtAccessCheckByType                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtAlpcImpersonateClientOfPort                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtImpersonateClientOfPort                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtSetInformationProcess                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] kernel32.dll!SetUnhandledExceptionFilter                            77ADA84F 5 Bytes  JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] kernel32.dll!OpenProcess                                            77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ADVAPI32.dll!ImpersonateNamedPipeClient                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ADVAPI32.dll!SetThreadToken                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtAccessCheckByType                                            77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtAlpcImpersonateClientOfPort                                  77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtImpersonateClientOfPort                                      779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtSetInformationProcess                                        77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] kernel32.dll!OpenProcess                                                  77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ADVAPI32.dll!ImpersonateNamedPipeClient                                  77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ADVAPI32.dll!SetThreadToken                                              77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] USER32.dll!FindWindowA                                                    76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] USER32.dll!FindWindowW                                                    766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ntdll.dll!NtAccessCheckByType                                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ntdll.dll!NtAlpcImpersonateClientOfPort                                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ntdll.dll!NtImpersonateClientOfPort                                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ntdll.dll!NtSetInformationProcess                                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] kernel32.dll!OpenProcess                                                                            77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ADVAPI32.dll!ImpersonateNamedPipeClient                                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ADVAPI32.dll!SetThreadToken                                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] USER32.dll!FindWindowA                                                                              76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] USER32.dll!FindWindowW                                                                              766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtAccessCheckByType                                                            77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtAlpcImpersonateClientOfPort                                                  77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtImpersonateClientOfPort                                                      779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtSetInformationProcess                                                        77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] kernel32.dll!OpenProcess                                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] USER32.dll!FindWindowA                                                                  76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] USER32.dll!FindWindowW                                                                  766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ADVAPI32.dll!ImpersonateNamedPipeClient                                                  77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ADVAPI32.dll!SetThreadToken                                                              77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Apoint2K\Apvfb.exe[12] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                            [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[536] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\services.exe[668] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\lsass.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\lsm.exe[752] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                    [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Mozilla Firefox\firefox.exe[912] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[960] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\System32\svchost.exe[1024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\ehome\ehmsas.exe[1092] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\Ati2evxx.exe[1124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\System32\svchost.exe[1144] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\System32\svchost.exe[1208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[1240] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[1420] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[1532] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[1584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                      [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\System32\spoolsv.exe[1996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\System32\svchost.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\SearchIndexer.exe[2144] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]            [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\wbem\wmiprvse.exe[2524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Apoint2K\Apntex.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                      [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]      [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\taskeng.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]            [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Apoint2K\HidFind.exe[3560] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\explorer.exe[4568] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                      [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Users\eugen\Desktop\5lvc84qm.exe[5700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                            AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b                                                       
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)                                   
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex                                                                    1

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                                                0 bytes
File            C:\ADSM_PData_0150\DB                                                                                                              0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                                                        624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                                                        16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                                                        16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                                                        512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                                                    253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                                                            512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                                                        0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                                              27504 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                                                  512 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

So, and now we wait ;)

u-gin 22.12.2010 20:15

GMER Logfile:
Code:

GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-22 20:12:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542512K9SA00 rev.BB2OC31P
Running: 5lvc84qm.exe; Driver: C:\Users\eugen\AppData\Local\Temp\pwlcapow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwAlpcConnectPort [0x8F0D20A2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwAlpcCreatePort [0x8F0D2972]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwConnectPort [0x8F0D1AF8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwCreateFile [0x8F0CB0D8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwCreateKey [0x8F0E9AA6]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwCreatePort [0x8F0D2602]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwCreateWaitablePort [0x8F0D2760]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwDeleteFile [0x8F0CBF9A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwDeleteKey [0x8F0EB4BC]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwDeleteValueKey [0x8F0EADB2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwLoadKey [0x8F0EBE86]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwLoadKey2 [0x8F0EC0C4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwLoadKeyEx [0x8F0EC576]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwOpenFile [0x8F0CBA8C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwRenameKey [0x8F0ED30C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwReplaceKey [0x8F0EC840]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwRequestWaitReplyPort [0x8F0D1690]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwRestoreKey [0x8F0ECF4C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwSetInformationFile [0x8F0CC3A4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwSetSecurityObject [0x8F0ED894]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                    ZwSetValueKey [0x8F0EA4D6]

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 13D                                                                                                      824BD8A0 8 Bytes  [A2, 20, 0D, 8F, 72, 29, 0D, ...]
.text          ntkrnlpa.exe!KeSetEvent + 1C1                                                                                                      824BD924 4 Bytes  [F8, 1A, 0D, 8F]
.text          ntkrnlpa.exe!KeSetEvent + 1D9                                                                                                      824BD93C 4 Bytes  [D8, B0, 0C, 8F]
.text          ntkrnlpa.exe!KeSetEvent + 1E9                                                                                                      824BD94C 4 Bytes  [A6, 9A, 0E, 8F]
.text          ntkrnlpa.exe!KeSetEvent + 205                                                                                                      824BD968 4 Bytes  [02, 26, 0D, 8F]
.text          ...                                                                                                                               
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                                            section is writeable [0x9CB1E300, 0x3ACC8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                            section is writeable [0x9CB64300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtAccessCheckByType                                                              77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtAlpcImpersonateClientOfPort                                                    77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtImpersonateClientOfPort                                                        779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ntdll.dll!NtSetInformationProcess                                                          77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] kernel32.dll!OpenProcess                                                                  77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] USER32.dll!FindWindowA                                                                    76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] USER32.dll!FindWindowW                                                                    766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ADVAPI32.dll!ImpersonateNamedPipeClient                                                    77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apvfb.exe[12] ADVAPI32.dll!SetThreadToken                                                                77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[536] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wininit.exe[624] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\services.exe[668] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ntdll.dll!NtAccessCheckByType                                                                  77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ntdll.dll!NtAlpcImpersonateClientOfPort                                                        77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ntdll.dll!NtImpersonateClientOfPort                                                            779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ntdll.dll!NtSetInformationProcess                                                              77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient                                                        77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] ADVAPI32.dll!SetThreadToken                                                                    77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] USER32.dll!FindWindowA                                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsass.exe[728] USER32.dll!FindWindowW                                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ntdll.dll!NtAccessCheckByType                                                                    77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ntdll.dll!NtAlpcImpersonateClientOfPort                                                          77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ntdll.dll!NtImpersonateClientOfPort                                                              779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ntdll.dll!NtSetInformationProcess                                                                77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] kernel32.dll!OpenProcess                                                                          77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!ImpersonateNamedPipeClient                                                          77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!SetThreadToken                                                                      77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] USER32.dll!FindWindowA                                                                            76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\lsm.exe[752] USER32.dll!FindWindowW                                                                            766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[880] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!LdrLoadDll                                                            77959390 5 Bytes  JMP 013A13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtAccessCheckByType                                                    77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtAlpcImpersonateClientOfPort                                          77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtImpersonateClientOfPort                                              779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ntdll.dll!NtSetInformationProcess                                                77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] kernel32.dll!SetUnhandledExceptionFilter                                        77ADA84F 5 Bytes  JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] kernel32.dll!OpenProcess                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ADVAPI32.dll!ImpersonateNamedPipeClient                                          77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] ADVAPI32.dll!SetThreadToken                                                      77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!closesocket                                                          761A330C 5 Bytes  JMP 20A93BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!recv                                                                  761A343A 5 Bytes  JMP 20A93C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASend                                                              761A4496 5 Bytes  JMP 20A93F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!send                                                                  761A659B 5 Bytes  JMP 20A93CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!sendto                                                                761A67C5 5 Bytes  JMP 20A93D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSARecv                                                              761A8400 5 Bytes  JMP 20A93E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASendDisconnect                                                    761BA3E9 5 Bytes  JMP 20A9409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] WS2_32.dll!WSASendTo                                                            761BA474 5 Bytes  JMP 20A93FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!IsWindowUnicode + 37                                                  766990B5 5 Bytes  JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!FindWindowA                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[912] USER32.dll!FindWindowW                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] kernel32.dll!OpenProcess                                                                      77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] USER32.dll!FindWindowA                                                                        76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[960] USER32.dll!FindWindowW                                                                        766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1024] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtAccessCheckByType                                                                    77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtAlpcImpersonateClientOfPort                                                          77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtImpersonateClientOfPort                                                              779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ntdll.dll!NtSetInformationProcess                                                                77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] kernel32.dll!OpenProcess                                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ADVAPI32.dll!ImpersonateNamedPipeClient                                                          77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] ADVAPI32.dll!SetThreadToken                                                                      77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] USER32.dll!FindWindowA                                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\ehome\ehmsas.exe[1092] USER32.dll!FindWindowW                                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtAccessCheckByType                                                              77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtAlpcImpersonateClientOfPort                                                    77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtImpersonateClientOfPort                                                        779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ntdll.dll!NtSetInformationProcess                                                          77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ADVAPI32.dll!ImpersonateNamedPipeClient                                                    77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\Ati2evxx.exe[1124] ADVAPI32.dll!SetThreadToken                                                                77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1144] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[1208] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1240] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1420] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1532] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtAccessCheckByType                                                  77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtAlpcImpersonateClientOfPort                                        77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtImpersonateClientOfPort                                            779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ntdll.dll!NtSetInformationProcess                                              77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] kernel32.dll!OpenProcess                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] USER32.dll!FindWindowA                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] USER32.dll!FindWindowW                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ADVAPI32.dll!ImpersonateNamedPipeClient                                        77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] ADVAPI32.dll!SetThreadToken                                                    77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[1584] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtAccessCheckByType                                                  77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtAlpcImpersonateClientOfPort                                        77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtImpersonateClientOfPort                                            779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ntdll.dll!NtSetInformationProcess                                              77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] kernel32.dll!OpenProcess                                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] USER32.dll!FindWindowA                                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] USER32.dll!FindWindowW                                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ADVAPI32.dll!ImpersonateNamedPipeClient                                        77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] ADVAPI32.dll!SetThreadToken                                                    77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtAccessCheckByType                                  77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtAlpcImpersonateClientOfPort                        77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtImpersonateClientOfPort                            779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ntdll.dll!NtSetInformationProcess                              77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] kernel32.dll!OpenProcess                                        77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] USER32.dll!FindWindowA                                          76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] USER32.dll!FindWindowW                                          766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ADVAPI32.dll!ImpersonateNamedPipeClient                        77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] ADVAPI32.dll!SetThreadToken                                    77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtAccessCheckByType                                                      77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtAlpcImpersonateClientOfPort                                            77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtImpersonateClientOfPort                                                779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ntdll.dll!NtSetInformationProcess                                                  77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] kernel32.dll!OpenProcess                                                            77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ADVAPI32.dll!ImpersonateNamedPipeClient                                            77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] ADVAPI32.dll!SetThreadToken                                                        77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] USER32.dll!FindWindowA                                                              76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] USER32.dll!FindWindowW                                                              766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtAccessCheckByType                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtAlpcImpersonateClientOfPort                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtImpersonateClientOfPort                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ntdll.dll!NtSetInformationProcess                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ADVAPI32.dll!ImpersonateNamedPipeClient                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] ADVAPI32.dll!SetThreadToken                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1880] kernel32.dll!OpenProcess                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1880] USER32.dll!IsWindowUnicode + 37                                          766990B5 5 Bytes  JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtAccessCheckByType                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtAlpcImpersonateClientOfPort                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtImpersonateClientOfPort                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ntdll.dll!NtSetInformationProcess                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] kernel32.dll!OpenProcess                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ADVAPI32.dll!ImpersonateNamedPipeClient                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] ADVAPI32.dll!SetThreadToken                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] USER32.dll!FindWindowA                                                  76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] USER32.dll!FindWindowW                                                  766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\spoolsv.exe[1996] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\svchost.exe[2064] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\System32\svchost.exe[2104] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\SearchIndexer.exe[2144] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtAccessCheckByType                                            77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtAlpcImpersonateClientOfPort                                  77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtImpersonateClientOfPort                                      779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!NtSetInformationProcess                                        77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] kernel32.dll!OpenProcess                                                  77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ADVAPI32.dll!ImpersonateNamedPipeClient                                  77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ADVAPI32.dll!SetThreadToken                                              77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!FindWindowA                                                    76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!FindWindowW                                                    766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\wbem\wmiprvse.exe[2524] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtAccessCheckByType                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtAlpcImpersonateClientOfPort                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtImpersonateClientOfPort                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ntdll.dll!NtSetInformationProcess                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ADVAPI32.dll!ImpersonateNamedPipeClient                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] ADVAPI32.dll!SetThreadToken                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] kernel32.dll!OpenProcess                                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] USER32.dll!FindWindowA                                                                  76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] USER32.dll!FindWindowW                                                                  766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\Apntex.exe[3032] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtAccessCheckByType                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtAlpcImpersonateClientOfPort                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtImpersonateClientOfPort                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ntdll.dll!NtSetInformationProcess                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] kernel32.dll!OpenProcess                                                            77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] USER32.dll!FindWindowA                                                              76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] USER32.dll!FindWindowW                                                              766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ADVAPI32.dll!ImpersonateNamedPipeClient                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] ADVAPI32.dll!SetThreadToken                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtAccessCheckByType                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtAlpcImpersonateClientOfPort                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtImpersonateClientOfPort                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ntdll.dll!NtSetInformationProcess                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] kernel32.dll!SetUnhandledExceptionFilter                            77ADA84F 5 Bytes  JMP 209A37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] kernel32.dll!OpenProcess                                            77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ADVAPI32.dll!ImpersonateNamedPipeClient                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] ADVAPI32.dll!SetThreadToken                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtAccessCheckByType                                                                77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtImpersonateClientOfPort                                                          779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ntdll.dll!NtSetInformationProcess                                                            77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] kernel32.dll!OpenProcess                                                                    77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] ADVAPI32.dll!SetThreadToken                                                                  77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] USER32.dll!FindWindowA                                                                      76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\system32\taskeng.exe[3284] USER32.dll!FindWindowW                                                                      766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtAccessCheckByType                                            77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtAlpcImpersonateClientOfPort                                  77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtImpersonateClientOfPort                                      779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ntdll.dll!NtSetInformationProcess                                        77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] kernel32.dll!OpenProcess                                                  77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ADVAPI32.dll!ImpersonateNamedPipeClient                                  77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] ADVAPI32.dll!SetThreadToken                                              77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] USER32.dll!FindWindowA                                                    76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] USER32.dll!FindWindowW                                                    766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtAccessCheckByType                                                          77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtAlpcImpersonateClientOfPort                                                77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtImpersonateClientOfPort                                                    779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ntdll.dll!NtSetInformationProcess                                                      77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] kernel32.dll!OpenProcess                                                              77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] USER32.dll!FindWindowA                                                                76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] USER32.dll!FindWindowW                                                                766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Program Files\Apoint2K\HidFind.exe[3560] ADVAPI32.dll!SetThreadToken                                                            77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ntdll.dll!NtAccessCheckByType                                                                        77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ntdll.dll!NtAlpcImpersonateClientOfPort                                                              77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ntdll.dll!NtImpersonateClientOfPort                                                                  779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ntdll.dll!NtSetInformationProcess                                                                    77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] kernel32.dll!OpenProcess                                                                            77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ADVAPI32.dll!ImpersonateNamedPipeClient                                                              77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] ADVAPI32.dll!SetThreadToken                                                                          77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] USER32.dll!FindWindowA                                                                              76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Windows\explorer.exe[4568] USER32.dll!FindWindowW                                                                              766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtAccessCheckByType                                                            77994044 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtAlpcImpersonateClientOfPort                                                  77994214 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtImpersonateClientOfPort                                                      779949E4 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ntdll.dll!NtSetInformationProcess                                                        77995324 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] kernel32.dll!OpenProcess                                                                77AF7267 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] USER32.dll!FindWindowA                                                                  76699D76 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] USER32.dll!FindWindowW                                                                  766AA441 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ADVAPI32.dll!ImpersonateNamedPipeClient                                                  77873A48 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text          C:\Users\eugen\Desktop\5lvc84qm.exe[5700] ADVAPI32.dll!SetThreadToken                                                              77888E21 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Apoint2K\Apvfb.exe[12] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                            [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[536] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\wininit.exe[624] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\services.exe[668] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\lsass.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\lsm.exe[752] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                    [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Mozilla Firefox\firefox.exe[912] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[960] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\System32\svchost.exe[1024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\ehome\ehmsas.exe[1092] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\Ati2evxx.exe[1124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\System32\svchost.exe[1144] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\System32\svchost.exe[1208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[1240] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[1420] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[1532] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[1580] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[1584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ICQ6Toolbar\ICQ Service.exe[1632] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1828] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ATK Hotkey\ASLDRSrv.exe[1840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                      [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\System32\spoolsv.exe[1996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\svchost.exe[2064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\System32\svchost.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\SearchIndexer.exe[2144] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]            [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\wbem\wmiprvse.exe[2524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Apoint2K\ApMsgFwd.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Apoint2K\Apntex.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\ATK Hotkey\KBFiltr.exe[3272] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                      [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3276] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]      [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\system32\taskeng.exe[3284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Windows Media Player\wmpnscfg.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]            [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Program Files\Apoint2K\HidFind.exe[3560] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Windows\explorer.exe[4568] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                      [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT            C:\Users\eugen\Desktop\5lvc84qm.exe[5700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                            AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b                                                       
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)                                   
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex                                                                    1

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                                                0 bytes
File            C:\ADSM_PData_0150\DB                                                                                                              0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                                                        624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                                                        16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                                                        16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                                                        512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                                                    253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                                                            512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                                                        0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                                              27504 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                                                  512 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---


So, and now we wait ;)

rea 22.12.2010 23:23

So normal surfing with the browsers works fine, and there are only update problems?
Do you use a proxy?



1.) Uninstalling software
  • -> Start
  • -> Control Panel
  • -> Programs and Features
  • -> Uninstall a program
  • Now select each of the following programs in turn:
    Code:

    Google Update Helper
    ICQ Toolbar
    Winload Toolbar
    ZoneAlarm Toolbar

  • -> Change/Remove and uninstall.


Please uninstall every program from this list that is present.




2.) Fixing with OTL
  • Please start OTL.exe.
    Vista & Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents of the following code box into the Custom Scans/Fixes text box.

    Code:

    :OTL
    IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
    FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
    O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
    [2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml
    [2010.12.21 19:09:31 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
    [2010.12.09 21:25:22 | 000,001,356 | ---- | M] () -- C:\Users\eugen\AppData\Local\d3d9caps.dat
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]

  • Now please close all programs.
  • Now please click the Fix button.
  • Click on .
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document.
    Copy its contents here into your thread in code tags.




Finally, create two new log files with OTL and post them here for me.

u-gin 22.12.2010 23:31

Can I also do that tomorrow?
I'm very tired and wanted to go to bed now.

rea 23.12.2010 19:33

Sure, no rush :)

u-gin 25.12.2010 16:47

Hey and Merry Christmas!

Here is the "Fix Log"?
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Winload Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\tbWinl.dll not found.
C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml moved successfully.
C:\Windows\System32\acovcnt.exe moved successfully.
C:\Users\eugen\AppData\Local\d3d9caps.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: eugen
->Temp folder emptied: 96624998 bytes
->Temporary Internet Files folder emptied: 610532 bytes
->Java cache emptied: 2535770 bytes
->FireFox cache emptied: 81646395 bytes
->Flash cache emptied: 33305 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2180540 bytes
RecycleBin emptied: 731871537 bytes

Total Files Cleaned = 873,00 mb



OTL by OldTimer - Version 3.2.18.0 log created on 12252010_164058

Files\Folders moved on Reboot...
C:\Users\eugen\AppData\Local\Temp\~DFB61B.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT0202e.TMP not found!

Registry entries deleted on Reboot...

u-gin 25.12.2010 16:58

So, and this is the scan log: OTL Logfile:
Code:

OTL logfile created on: 25.12.2010 16:50:53 - Run 3
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 21,20 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 16,20 Gb Free Space | 36,23% Space Free | Partition Type: NTFS
Drive F: | 1,90 Gb Total Space | 0,15 Gb Free Space | 7,77% Space Free | Partition Type: FAT
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.11.22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.22 15:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.11 17:04:16 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.25 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.19 02:48:34 | 000,001,056 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\icqplugin.xml
[2010.12.08 00:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.25 16:51:35 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.25 16:51:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.25 16:51:35 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.25 16:51:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.25 16:46:17 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.25 16:45:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.25 16:45:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 16:45:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 16:45:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.25 16:45:29 | 2144,595,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.25 16:44:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.25 16:10:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 22:00:55 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:19:45 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.12.25 16:46:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2144,595,968 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2010.12.21 20:46:00 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2010.12.25 16:44:36 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

u-gin 25.12.2010 16:58

So, and this is the scan log:
OTL Logfile:
Code:

OTL logfile created on: 25.12.2010 16:50:53 - Run 3
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 21,20 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 16,20 Gb Free Space | 36,23% Space Free | Partition Type: NTFS
Drive F: | 1,90 Gb Total Space | 0,15 Gb Free Space | 7,77% Space Free | Partition Type: FAT
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.11.22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.22 15:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.11 17:04:16 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.25 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.19 02:48:34 | 000,001,056 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\icqplugin.xml
[2010.12.08 00:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.25 16:51:35 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.25 16:51:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.25 16:51:35 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.25 16:51:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.25 16:46:17 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.25 16:45:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.25 16:45:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 16:45:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 16:45:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.25 16:45:29 | 2144,595,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.25 16:44:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.25 16:10:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 22:00:55 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:19:45 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.12.25 16:46:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2144,595,968 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2010.12.21 20:46:00 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2010.12.25 16:44:36 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

rea 25.12.2010 17:53

Merry Christmas to you too :)


You still need to answer my questions:
Quote:

Normal browsing works fine in the browsers, and the only problems are with updates?
Do you use a proxy?

And you seem to have accidentally posted the same OTL log file (from the system scan) twice; I'm still missing Extras.txt.

u-gin 25.12.2010 17:58

There are no problems when browsing; I can even retrieve and answer my e-mails with Thunderbird.
I don't even really know what a proxy is or what it's supposed to be good for.

The scan only produced this one document.

rea 25.12.2010 18:11

Last time, two editor windows with the logs were opened for you, weren't they? Look carefully on your desktop; otherwise they may have been saved in the folder C:\_OTL. Check there as well, or use Windows Search.
Otherwise, delete all existing OTL log files and then create two new ones.

u-gin 25.12.2010 18:24

Now I've got it
OTL: OTL logfile:
Code:

OTL logfile created on: 25.12.2010 18:18:26 - Run 4
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,82 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 16,20 Gb Free Space | 36,23% Space Free | Partition Type: NTFS
Drive F: | 1,90 Gb Total Space | 0,15 Gb Free Space | 7,77% Space Free | Partition Type: FAT
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.11.22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.22 15:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.11 17:04:16 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.25 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.19 02:48:34 | 000,001,056 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\icqplugin.xml
[2010.12.08 00:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.25 18:10:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.25 16:51:35 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.25 16:51:35 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.25 16:51:35 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.25 16:51:35 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.25 16:46:17 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.12.25 16:45:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.25 16:45:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 16:45:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 16:45:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.25 16:45:29 | 2144,595,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.25 16:44:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 22:00:55 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:19:45 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2010.11.30 18:48:22 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.12.25 16:46:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2144,595,968 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2010.12.21 20:46:00 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2010.12.25 16:44:36 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

and Extras: OTL Logfile:
Code:

OTL Extras logfile created on: 25.12.2010 18:18:26 - Run 4
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,82 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 16,20 Gb Free Space | 36,23% Space Free | Partition Type: NTFS
Drive F: | 1,90 Gb Total Space | 0,15 Gb Free Space | 7,77% Space Free | Partition Type: FAT
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system |
"{12BA91D1-2014-42E8-A143-2BBDAAB28FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60B812F6-1288-4812-8090-B47CE0C7B32C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{69B4A7F7-3F6F-460E-8BB4-C0BA0031A9DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{714915FD-BC7C-422E-AB41-9A839652D705}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77CAA091-55E8-47CE-9E54-5EA7D8BFF448}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{842BB2BD-A78A-4564-AA6F-C94DA0AEDC0E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8A7629E3-78BA-4802-94BA-4B759DE10642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EF3C954-E937-448E-B898-E305B137CBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0C5B489-77A5-4403-A6A8-B9EDFB4643D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1062A3F-5019-4111-AFD1-9D20B7DD0A61}" = lport=3390 | protocol=6 | dir=in | app=system |
"{ABC32864-3591-4796-AA67-F6EB3AAF4D00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B58339CD-94E2-41DF-A24D-FAAEF46FCBF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C33C92CA-36F6-4E7A-BFA8-638036FD890D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0168644-59E7-46D0-8CB2-96B00F11ADC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2325BBC-FA5C-417A-85E3-5B0A0DD99663}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D56CC344-E531-4139-9B9B-F0C01F3CA409}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D7785132-E819-4678-ABD8-56C038CCA7A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD673716-38C0-4FBB-9866-C9872770D5A2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DEA9904B-594F-4EEE-988C-D19697A864B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EFE2DE28-8E6D-42F3-9344-A54D20347093}" = lport=10244 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115AE-CD47-458A-BB62-8823D08D9851}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{049832E6-1800-471A-AF5F-6C845821BCB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1E666313-E3D4-4715-ADAD-447A2E20C0C6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3FB40E5F-61FB-4056-B93F-01B54BFC55B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{44B1256A-9EF9-47F0-87DF-2EF96970CAC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4C3D3814-CB74-4B85-B6B1-5777FE9C7B31}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{50DCCF9B-0A21-4BCC-82E2-6035E25CFBEF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5A125478-81B6-4C90-9CE5-E61DC3DACA24}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8B5756D2-938E-4B67-9CAF-E7E2CA7B4039}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{93F76A8F-BB4D-4CD3-907B-F96774709707}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{980C0DB2-0243-47C7-B126-8551C110F256}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{A64935B9-06C3-4627-92EC-CE89ED7B4E76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{C9AD2570-C4BA-46C0-9332-F6A85FCFD20B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CD33CC15-F9A0-426F-ACF0-5F0704F73254}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CED46412-83AF-4B53-959F-F735BAB00E1B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D0263A35-9753-4735-AA3D-43C64835B329}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DC6EF64C-7E1E-4F85-93C1-4EB1224BBC0C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E7D9546A-207D-40A8-8429-C1C273B4E50E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EB8F8B06-4C63-4543-A04A-F789C91E2B20}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F22A2463-3668-421B-9FA2-720CCE60D45B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FEE3C238-FDAB-4150-85DB-66BDA293DABA}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Filzip 3.0.6.93_is1" = Filzip 3.06
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Zattoo4" = Zattoo4 4.0.5
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2010 08:59:10 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 09:35:43 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 09:35:44 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 09:35:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:16 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:16 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:17 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:17 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 23.05.2010 10:49:45 | Computer Name = eugen-PC | Source = Mcx2Dvcs | ID = 401
Description =
 
Error - 02.06.2010 15:33:18 | Computer Name = eugen-PC | Source = McrMgr | ID = 107
Description =
 
[ System Events ]
Error - 22.12.2010 15:41:38 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 23.12.2010 13:46:34 | Computer Name = eugen-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.34  registriert werden. Der Computer mit IP-Adresse 192.168.2.32
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 23.12.2010 13:46:49 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 23.12.2010 13:46:49 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.12.2010 14:57:17 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 25.12.2010 10:00:06 | Computer Name = eugen-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.34  registriert werden. Der Computer mit IP-Adresse 192.168.2.32
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 25.12.2010 10:00:45 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 25.12.2010 10:00:45 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.12.2010 11:30:13 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 25.12.2010 11:40:59 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >

--- --- ---

rea 25.12.2010 19:23

1.) Fixing with OTL
  • Please start OTL.exe.
    Vista & Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents of the following code box into the Custom Scans/Fixes text box.

    Code:

    :OTL
    IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 0
    [2010.12.19 02:48:34 | 000,001,056 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\icqplugin.xml
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    [2010.12.25 16:46:17 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]

  • Now please close all programs.
  • Now please click the Fix button.
  • Click OK.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document.
    Copy its contents here into your thread in code tags.





2.) ESET Online Scan

Since we can only see and analyze a small part of the system, check your complete system with the ESET Online Scanner. During the scan, please switch on/connect any external hard drives you may have. Also disable all background guards (anti-virus program, firewall, script blocking and the like) during the scan, and don't forget to switch them back on afterwards.
  • ESET Online Scanner
    • Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP/Vista and Win 7
    • Note for Vista and Windows 7 users: be sure to start the browser as administrator.
    • Disable your anti-virus program during the scan.
    • Press the "ESET Online Scanner" button.
    • Firefox users have to install an additional add-on (esetsmartinstaller_enu.exe).
    • Save the Firefox add-on to the desktop and then install it.
    • IE users have to allow the installation of an ActiveX element.
    • Tick "Remove found threats" and "Scan archives".
    • Press Start.
    • Signatures are downloaded.
    • The scan starts automatically.
    • Press Finish.
    • Close the browser.
    • Open Explorer.
    • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
    • Post the log file here.
    • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
    • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
    • IE users additionally: fix the following entry with HJT:
    • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
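
The `:OTL` fix block in the post above lists Internet Explorer (WinINet) and Firefox proxy entries that point at 127.0.0.1:50370. As an added example (not part of the original thread and not OTL's own code), this Python script flags such loopback proxy entries in OTL-style log lines and reports whether each one is actually in effect; the function names are hypothetical, and the sample lines are copied from the fix block.

```python
import ipaddress
import re

# Lines copied from the ":OTL" fix block in this thread.
SAMPLE_OTL_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r'FF - prefs.js..network.proxy.http_port: 50370',
    r'FF - prefs.js..network.proxy.type: 0',
]

# OTL "IE -" lines for the Internet Settings key, and "FF -" lines for prefs.js.
IE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\.*Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$')
FF_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<name>[\w.]+): (?P<value>.*)$')


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback address."""
    host = host.strip().strip('[]').lower()
    if host == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def parse_proxy_server(value):
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    Handles 'host:port' (all protocols) and 'http=h:p;https=h:p' forms.
    """
    entries = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition('=')
        if not sep:  # no "scheme=" prefix: the entry applies to all protocols
            scheme, target = 'all', part
        target = target.split('://', 1)[-1]  # tolerate "http://host:port"
        host, _, port = target.rpartition(':')
        if not host:  # no port given
            host, port = target, ''
        entries.append((scheme.lower(), host, port))
    return entries


def audit_proxy_settings(lines):
    """Return loopback proxy findings from OTL-style log lines."""
    ie, ff = {}, {}
    for line in lines:
        line = line.strip()
        m = IE_RE.match(line)
        if m:
            ie[m['name']] = m['value'].strip()
            continue
        m = FF_RE.match(line)
        if m:
            ff[m['name']] = m['value'].strip().strip('"')

    findings = []
    # WinINet only uses ProxyServer when ProxyEnable is 1.
    wininet_active = ie.get('ProxyEnable') == '1'
    for scheme, host, port in parse_proxy_server(ie.get('ProxyServer', '')):
        if is_loopback(host):
            findings.append({'source': 'WinINet', 'scheme': scheme,
                             'endpoint': f'{host}:{port}',
                             'active': wininet_active})

    # Firefox only uses network.proxy.http when network.proxy.type is 1
    # (manual configuration); 0 means a direct connection.
    ff_host = ff.get('http', '')
    if ff_host and is_loopback(ff_host):
        findings.append({'source': 'Firefox', 'scheme': 'http',
                         'endpoint': f"{ff_host}:{ff.get('http_port', '')}",
                         'active': ff.get('type') == '1'})
    return findings


if __name__ == '__main__':
    for finding in audit_proxy_settings(SAMPLE_OTL_LINES):
        state = 'ACTIVE' if finding['active'] else 'configured but inactive'
        print(f"{finding['source']}: {finding['scheme']} proxy at "
              f"{finding['endpoint']} ({state})")
```

In the sample, the WinINet entry is active (`ProxyEnable` = 1), while the Firefox entry is not, because `network.proxy.type` 0 means a direct connection.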

rea 01.01.2011 22:51

Hello u-gin,

is this still going on? Otherwise I will delete this thread from my subscriptions in a week, so that I have room for a new user again.

u-gin 01.01.2011 23:08

Hey Rea, sorry, I wasn't around these past few days!

Here is the log after the FIX:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
C:\Windows\System32\acovcnt.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: eugen
->Temp folder emptied: 2290311 bytes
->Temporary Internet Files folder emptied: 531526 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 84796856 bytes
->Flash cache emptied: 10299 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10318 bytes
RecycleBin emptied: 121592 bytes

Total Files Cleaned = 84,00 mb



OTL by OldTimer - Version 3.2.18.0 log created on 01012011_230239

Files\Folders moved on Reboot...
C:\Users\eugen\AppData\Local\Temp\~DF6AFB.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT06c78.TMP not found!

Registry entries deleted on Reboot...

rea 01.01.2011 23:19

Okay, then please continue with Eset :)

And what is the current status with the updates?

u-gin 02.01.2011 01:14

So, and here is the ESET result:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b91a5920d8bab047a3f891176f571ec6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-02 12:09:26
# local_time=2011-01-02 01:09:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 4165 30456851 0 0
# compatibility_mode=5892 16776573 100 100 131658 131452758 0 0
# compatibility_mode=8192 67108863 100 0 3800 3800 0 0
# compatibility_mode=9217 16777214 75 70 28516292 35023784 0 0
# scanned=117904
# found=0
# cleaned=0
# scan_time=6936

rea 02.01.2011 10:32

Good, no findings :) How are things with the updates in the meantime?


System scan with OTL
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

u-gin 02.01.2011 13:47

So it looks like the updates are working again! This morning first Avira, then Adobe,
and now Java :) I'll run OTL in a moment.

rea 02.01.2011 16:47

Well, that sounds good. Then let's see the logs :zzwhip:
:D

u-gin 02.01.2011 20:30

I've only just finished with the updates ;)

Here is OTL for now: OTL Logfile:
Code:

OTL logfile created on: 02.01.2011 20:16:46 - Run 5
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 18,73 Gb Free Space | 27,93% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.02 13:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2010.09.02 13:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.09.02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.09.02 13:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.02.01 19:31:42 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010.02.01 19:31:42 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.02 13:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010.09.02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.09.02 13:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.01.02 20:08:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.02 13:48:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.02 13:43:39 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.02 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.02 20:08:39 | 000,000,000 | ---D | M] (ZoneAlarm Security Toolbar) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2011.01.02 13:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2011.01.02 13:48:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.02 20:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.01.02 20:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.02 20:07:11 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2011.01.02 20:07:11 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2011.01.02 13:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.01.02 13:48:11 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.02 13:48:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.02 13:48:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.02 13:48:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.02 13:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.01.02 13:42:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.01 23:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.02 20:15:23 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.01.02 20:15:03 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.02 20:13:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 20:13:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 20:13:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.02 20:12:54 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.02 20:11:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.02 20:10:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.02 20:09:02 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.01.02 20:07:58 | 000,000,878 | ---- | M] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk
[2011.01.02 13:43:39 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
 
========== Files Created - No Company Name ==========
 
[2011.01.02 20:07:58 | 000,000,878 | ---- | C] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk
[2011.01.02 13:42:58 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2011.01.02 20:12:00 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

u-gin 02.01.2011 20:30

I've only just finished with the updates ;)

Here's OTL for a start: OTL Logfile:
Code:

OTL logfile created on: 02.01.2011 20:16:46 - Run 5
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 18,73 Gb Free Space | 27,93% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.02 13:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2010.09.02 13:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.09.02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.09.02 13:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.02.01 19:31:42 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010.02.01 19:31:42 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.02 13:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010.09.02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.09.02 13:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.01.02 20:08:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.02 13:48:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.02 13:43:39 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.02 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.02 20:08:39 | 000,000,000 | ---D | M] (ZoneAlarm Security Toolbar) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2011.01.02 13:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2011.01.02 13:48:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.02 20:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.01.02 20:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.02 20:07:11 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2011.01.02 20:07:11 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2011.01.02 13:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.01.02 13:48:11 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.02 13:48:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.02 13:48:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.02 13:48:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.02 13:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.01.02 13:42:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.01 23:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.02 20:15:23 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.01.02 20:15:03 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.02 20:13:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 20:13:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 20:13:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.02 20:12:54 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.02 20:11:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.02 20:10:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.02 20:09:02 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.01.02 20:07:58 | 000,000,878 | ---- | M] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk
[2011.01.02 13:43:39 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
 
========== Files Created - No Company Name ==========
 
[2011.01.02 20:07:58 | 000,000,878 | ---- | C] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk
[2011.01.02 13:42:58 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2011.01.02 20:12:00 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

u-gin 02.01.2011 20:31

And here is the Extras: OTL EXTRAS logfile:
Code:

OTL Extras logfile created on: 02.01.2011 20:16:46 - Run 5
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 18,73 Gb Free Space | 27,93% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system |
"{12BA91D1-2014-42E8-A143-2BBDAAB28FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60B812F6-1288-4812-8090-B47CE0C7B32C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{69B4A7F7-3F6F-460E-8BB4-C0BA0031A9DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{714915FD-BC7C-422E-AB41-9A839652D705}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77CAA091-55E8-47CE-9E54-5EA7D8BFF448}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{842BB2BD-A78A-4564-AA6F-C94DA0AEDC0E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8A7629E3-78BA-4802-94BA-4B759DE10642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EF3C954-E937-448E-B898-E305B137CBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0C5B489-77A5-4403-A6A8-B9EDFB4643D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1062A3F-5019-4111-AFD1-9D20B7DD0A61}" = lport=3390 | protocol=6 | dir=in | app=system |
"{ABC32864-3591-4796-AA67-F6EB3AAF4D00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B58339CD-94E2-41DF-A24D-FAAEF46FCBF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C33C92CA-36F6-4E7A-BFA8-638036FD890D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0168644-59E7-46D0-8CB2-96B00F11ADC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2325BBC-FA5C-417A-85E3-5B0A0DD99663}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D56CC344-E531-4139-9B9B-F0C01F3CA409}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D7785132-E819-4678-ABD8-56C038CCA7A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD673716-38C0-4FBB-9866-C9872770D5A2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DEA9904B-594F-4EEE-988C-D19697A864B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EFE2DE28-8E6D-42F3-9344-A54D20347093}" = lport=10244 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115AE-CD47-458A-BB62-8823D08D9851}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{049832E6-1800-471A-AF5F-6C845821BCB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1E666313-E3D4-4715-ADAD-447A2E20C0C6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3FB40E5F-61FB-4056-B93F-01B54BFC55B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{44B1256A-9EF9-47F0-87DF-2EF96970CAC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4C3D3814-CB74-4B85-B6B1-5777FE9C7B31}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{50DCCF9B-0A21-4BCC-82E2-6035E25CFBEF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5A125478-81B6-4C90-9CE5-E61DC3DACA24}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8B5756D2-938E-4B67-9CAF-E7E2CA7B4039}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{93F76A8F-BB4D-4CD3-907B-F96774709707}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{980C0DB2-0243-47C7-B126-8551C110F256}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{A64935B9-06C3-4627-92EC-CE89ED7B4E76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{C9AD2570-C4BA-46C0-9332-F6A85FCFD20B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CD33CC15-F9A0-426F-ACF0-5F0704F73254}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CED46412-83AF-4B53-959F-F735BAB00E1B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D0263A35-9753-4735-AA3D-43C64835B329}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DC6EF64C-7E1E-4F85-93C1-4EB1224BBC0C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E7CB68B9-C8A5-40EA-AC3C-FA69351CE3F0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{E7D9546A-207D-40A8-8429-C1C273B4E50E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E8FC58F6-7496-4308-9BFA-7BE61218B254}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{EB8F8B06-4C63-4543-A04A-F789C91E2B20}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F22A2463-3668-421B-9FA2-720CCE60D45B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FEE3C238-FDAB-4150-85DB-66BDA293DABA}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Filzip 3.0.6.93_is1" = Filzip 3.06
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Zattoo4" = Zattoo4 4.0.5
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2010 11:38:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 11:38:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 12:08:07 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 12:08:07 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 12:14:23 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 12:14:24 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 23.05.2010 10:49:45 | Computer Name = eugen-PC | Source = Mcx2Dvcs | ID = 401
Description =
 
Error - 02.06.2010 15:33:18 | Computer Name = eugen-PC | Source = McrMgr | ID = 107
Description =
 
[ System Events ]
Error - 02.01.2011 08:42:09 | Computer Name = eugen-PC | Source = DCOM | ID = 10005
Description =
 
Error - 02.01.2011 08:42:09 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 02.01.2011 08:42:09 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.01.2011 09:34:01 | Computer Name = eugen-PC | Source = bowser | ID = 8003
Description =
 
Error - 02.01.2011 10:04:58 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 02.01.2011 15:07:09 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 02.01.2011 15:08:45 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 02.01.2011 15:11:40 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

rea 02.01.2011 21:50

Code:

hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=

Now I get it too :wtf:

--------

Did you reinstall ZoneAlarm just now? If so, why?





1.) Uninstalling software
  • -> Start
  • -> Control Panel
  • -> Programs and Features
  • -> Uninstall a program
  • Now select each of the following programs in turn:
    Code:

    ZoneAlarm Toolbar
    Sparwelt.de Gutschein Alarm

  • -> Change/Remove and uninstall.


Please uninstall every program from this list that is present.





2.) Fixing with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents of the following code box into the Custom Scans/Fixes text box.


    Code:

    :OTL
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
    [2011.01.02 20:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2011.01.01 23:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]

  • Now please close all programs.
  • Now please click the Fix button.
  • Click OK.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here, in code tags.




You did not quite finish updating; Java and Adobe each already have newer versions available:




3.) Update Java
Your Java version is not up to date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => uninstall. Restart the computer.
Now download the offline version of Java Version 6 Update 23 from Oracle and install it. Take care not to install any toolbars that may be offered, i.e. clear the toolbar checkbox during installation.





4.) Security risk: Adobe Acrobat Reader

Your Adobe Reader is not up to date, which is a major security risk. We therefore recommend uninstalling the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. Restart the computer, then download the current Acrobat Reader X and install it.

Since Adobe Acrobat Reader is increasingly used for the targeted distribution of malware, I suggest using an alternative PDF viewer instead; for example, you can install Foxit PDF Reader. It is "leaner" and uses fewer resources. During installation, make absolutely sure that the Ask toolbar and/or Foxit toolbar or sponsor offers are not installed along with it (if necessary, uninstall them again right away via Control Panel => Software).





5.) System scan with OTL
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your Desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.





Please post in your next reply:
  • The logfile from the OTL fix (step 2)
  • The two logfiles from the OTL system scan (step 5)

u-gin 03.01.2011 00:18

Um, I didn't reinstall ZoneAlarm, that was an update!
I'll do these things tomorrow, because it's already too late.
Good night.

rea 03.01.2011 07:01

Sure, no problem, see you later then ;)

u-gin 03.01.2011 18:55

OK, I've uninstalled those things
and already run the fix; here is the file:

All processes killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Quarantine folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles\temp folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Modules\data folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Modules folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner folder moved successfully.
C:\Program Files\ESET folder moved successfully.
Folder C:\Users\eugen\AppData\Roaming\SparweltGutschein\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: eugen
->Temp folder emptied: 6040586 bytes
->Temporary Internet Files folder emptied: 308011 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 90495382 bytes
->Flash cache emptied: 1494 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24492 bytes
RecycleBin emptied: 48034 bytes

Total Files Cleaned = 92,00 mb



OTL by OldTimer - Version 3.2.18.0 log created on 01032011_184847

Files\Folders moved on Reboot...
C:\Users\eugen\AppData\Local\Temp\~DF4CC5.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT03d5a.TMP not found!

Registry entries deleted on Reboot...
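
The fix script and the fix log above can be reconciled item by item to see which requested removals the log actually confirms. The following Python sketch is an added example, not part of the original thread and not code from OTL; it only understands the line shapes that appear in this thread, and the status labels (`removed`, `moved`, `not found`, `logged`, `no log entry`) are this example's own.

```python
import re

# Lines copied from the fix script and the fix log posted in this thread
# (the log is shortened to the entries that answer the script).
FIX_SCRIPT = r'''
:OTL
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
[2011.01.02 20:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.01.01 23:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.11.17 22:03:27 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\SparweltGutschein
:Commands
[PURITY]
[EMPTYTEMP]
[CREATERESTOREPOINT]
'''

FIX_LOG = r'''
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner folder moved successfully.
C:\Program Files\ESET folder moved successfully.
Folder C:\Users\eugen\AppData\Roaming\SparweltGutschein\ not found.
========== COMMANDS ==========

[EMPTYTEMP]
'''

# Patterns for the script lines and the result lines seen in this thread only.
SCRIPT_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<key>[^:]+): "(?P<value>.*)"$')
SCRIPT_PATH = re.compile(r'^\[[^\]]*\] -- (?P<path>.+)$')
COMMAND = re.compile(r'^\[(?P<name>[A-Z]+)\]$')
LOG_PREF = re.compile(r'^Prefs\.js: "(?P<value>.*)" removed from (?P<key>\S+)$')
LOG_MOVED = re.compile(r'^(?P<path>[A-Za-z]:\\.*?)(?: folder)? moved successfully\.$')
LOG_MISSING = re.compile(
    r'^(?:File\\Folder|Folder|File) (?P<path>[A-Za-z]:\\.*?)\\? not found[.!]$')


def norm_url(value):
    # The log defangs the scheme (hxxp); the script carries the real one.
    return re.sub(r'^hxxp', 'http', value.strip(), flags=re.I)


def norm_path(path):
    # Windows paths compare case-insensitively; the log may add a trailing "\".
    return path.strip().rstrip('\\').lower()


def parse_script(text):
    """Return (kind, name, value) for every item the script asks OTL to handle."""
    items, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(':'):
            section = line[1:].lower()
        elif section == 'otl':
            pref, path = SCRIPT_PREF.match(line), SCRIPT_PATH.match(line)
            if pref:
                items.append(('pref', pref['key'], norm_url(pref['value'])))
            elif path:
                items.append(('path', norm_path(path['path']), None))
        elif section == 'commands' and COMMAND.match(line):
            items.append(('command', COMMAND.match(line)['name'], None))
    return items


def parse_log(text):
    """Collect what the fix log reports as removed, moved, missing or run."""
    seen = {'pref': set(), 'moved': set(), 'missing': set(), 'command': set()}
    for line in (l.strip() for l in text.splitlines()):
        pref, moved = LOG_PREF.match(line), LOG_MOVED.match(line)
        missing, cmd = LOG_MISSING.match(line), COMMAND.match(line)
        if pref:
            seen['pref'].add((pref['key'], norm_url(pref['value'])))
        elif moved:
            seen['moved'].add(norm_path(moved['path']))
        elif missing:
            seen['missing'].add(norm_path(missing['path']))
        elif cmd:
            seen['command'].add(cmd['name'])
    return seen


def reconcile(script_text, log_text):
    """Map every script item to the status the log gives for it."""
    seen, report = parse_log(log_text), {}
    for kind, name, value in parse_script(script_text):
        if kind == 'pref':
            status = 'removed' if (name, value) in seen['pref'] else 'no log entry'
        elif kind == 'path':
            status = ('moved' if name in seen['moved'] else
                      'not found' if name in seen['missing'] else 'no log entry')
        else:
            status = 'logged' if name in seen['command'] else 'no log entry'
        report[name] = status
    return report


if __name__ == '__main__':
    for item, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f'{status:13} {item}')
```

An item reported as `no log entry` only means the log carries no line for it; it is a cue to check that item by hand, not proof that the step failed.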

u-gin 03.01.2011 19:32

OK, Java is now up to date, and Foxit is running now too.

And here are the logfiles:
OTL.txt:OTL Logfile:
Code:

OTL logfile created on: 03.01.2011 19:25:37 - Run 6
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,82 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010.09.02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.03 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.02 00:19:16 | 000,000,939 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.03 19:07:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.03 19:23:58 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.03 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Foxit
[2011.01.03 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011.01.03 19:12:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.03 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.02 20:07:11 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2011.01.02 20:07:11 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.03 19:24:40 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.03 19:22:19 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.03 19:19:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 19:19:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 19:18:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.03 19:18:47 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.03 19:15:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.03 19:10:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 18:52:42 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.01.02 20:09:02 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.01.02 20:07:58 | 000,000,878 | ---- | M] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk
[2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
 
========== Files Created - No Company Name ==========
 
[2011.01.03 19:24:40 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.02 20:07:58 | 000,000,878 | ---- | C] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk
[2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit
[2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2011.01.03 19:15:30 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
and

extras.txt:OTL Logfile:
Code:

OTL Extras logfile created on: 03.01.2011 19:25:37 - Run 6
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,82 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system |
"{12BA91D1-2014-42E8-A143-2BBDAAB28FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60B812F6-1288-4812-8090-B47CE0C7B32C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{69B4A7F7-3F6F-460E-8BB4-C0BA0031A9DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{714915FD-BC7C-422E-AB41-9A839652D705}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77CAA091-55E8-47CE-9E54-5EA7D8BFF448}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{842BB2BD-A78A-4564-AA6F-C94DA0AEDC0E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8A7629E3-78BA-4802-94BA-4B759DE10642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EF3C954-E937-448E-B898-E305B137CBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0C5B489-77A5-4403-A6A8-B9EDFB4643D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1062A3F-5019-4111-AFD1-9D20B7DD0A61}" = lport=3390 | protocol=6 | dir=in | app=system |
"{ABC32864-3591-4796-AA67-F6EB3AAF4D00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B58339CD-94E2-41DF-A24D-FAAEF46FCBF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C33C92CA-36F6-4E7A-BFA8-638036FD890D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0168644-59E7-46D0-8CB2-96B00F11ADC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2325BBC-FA5C-417A-85E3-5B0A0DD99663}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D56CC344-E531-4139-9B9B-F0C01F3CA409}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D7785132-E819-4678-ABD8-56C038CCA7A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD673716-38C0-4FBB-9866-C9872770D5A2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DEA9904B-594F-4EEE-988C-D19697A864B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EFE2DE28-8E6D-42F3-9344-A54D20347093}" = lport=10244 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115AE-CD47-458A-BB62-8823D08D9851}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{049832E6-1800-471A-AF5F-6C845821BCB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1E666313-E3D4-4715-ADAD-447A2E20C0C6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3FB40E5F-61FB-4056-B93F-01B54BFC55B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{44B1256A-9EF9-47F0-87DF-2EF96970CAC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4C3D3814-CB74-4B85-B6B1-5777FE9C7B31}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{50DCCF9B-0A21-4BCC-82E2-6035E25CFBEF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5A125478-81B6-4C90-9CE5-E61DC3DACA24}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8B5756D2-938E-4B67-9CAF-E7E2CA7B4039}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{93F76A8F-BB4D-4CD3-907B-F96774709707}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{980C0DB2-0243-47C7-B126-8551C110F256}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{A64935B9-06C3-4627-92EC-CE89ED7B4E76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{C9AD2570-C4BA-46C0-9332-F6A85FCFD20B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CD33CC15-F9A0-426F-ACF0-5F0704F73254}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CED46412-83AF-4B53-959F-F735BAB00E1B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D0263A35-9753-4735-AA3D-43C64835B329}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DC6EF64C-7E1E-4F85-93C1-4EB1224BBC0C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E7CB68B9-C8A5-40EA-AC3C-FA69351CE3F0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{E7D9546A-207D-40A8-8429-C1C273B4E50E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E8FC58F6-7496-4308-9BFA-7BE61218B254}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{EB8F8B06-4C63-4543-A04A-F789C91E2B20}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F22A2463-3668-421B-9FA2-720CCE60D45B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FEE3C238-FDAB-4150-85DB-66BDA293DABA}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Filzip 3.0.6.93_is1" = Filzip 3.06
"Foxit Reader" = Foxit Reader
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Zattoo4" = Zattoo4 4.0.5
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 19:48:53 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 19:48:53 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 23.05.2010 10:49:45 | Computer Name = eugen-PC | Source = Mcx2Dvcs | ID = 401
Description =
 
Error - 02.06.2010 15:33:18 | Computer Name = eugen-PC | Source = McrMgr | ID = 107
Description =
 
[ System Events ]
Error - 02.01.2011 15:11:40 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.01.2011 15:50:02 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 03.01.2011 13:48:48 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 03.01.2011 14:01:47 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.01.2011 14:12:42 | Computer Name = eugen-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.01.2011 14:15:18 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

--- --- ---

u-gin 03.01.2011 19:32

OK, Java is now up to date, and Foxit is working now too.

And here are the log files:
OTL.txt:OTL Logfile:
Code:

OTL logfile created on: 03.01.2011 19:25:37 - Run 6
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,82 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010.09.02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.03 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.02 00:19:16 | 000,000,939 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.03 19:07:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.03 19:23:58 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.03 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Foxit
[2011.01.03 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011.01.03 19:12:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.03 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.02 20:07:11 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2011.01.02 20:07:11 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.03 19:24:40 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.03 19:22:19 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.03 19:19:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 19:19:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 19:18:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.03 19:18:47 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.03 19:15:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.03 19:10:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 18:52:42 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.01.02 20:09:02 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.01.02 20:07:58 | 000,000,878 | ---- | M] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk
[2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
 
========== Files Created - No Company Name ==========
 
[2011.01.03 19:24:40 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.02 20:07:58 | 000,000,878 | ---- | C] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk
[2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit
[2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2011.01.03 19:15:30 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
and

extras.txt:
OTL Logfile:
Code:

OTL Extras logfile created on: 03.01.2011 19:25:37 - Run 6
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,82 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system |
"{12BA91D1-2014-42E8-A143-2BBDAAB28FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60B812F6-1288-4812-8090-B47CE0C7B32C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{69B4A7F7-3F6F-460E-8BB4-C0BA0031A9DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{714915FD-BC7C-422E-AB41-9A839652D705}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77CAA091-55E8-47CE-9E54-5EA7D8BFF448}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{842BB2BD-A78A-4564-AA6F-C94DA0AEDC0E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8A7629E3-78BA-4802-94BA-4B759DE10642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EF3C954-E937-448E-B898-E305B137CBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0C5B489-77A5-4403-A6A8-B9EDFB4643D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1062A3F-5019-4111-AFD1-9D20B7DD0A61}" = lport=3390 | protocol=6 | dir=in | app=system |
"{ABC32864-3591-4796-AA67-F6EB3AAF4D00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B58339CD-94E2-41DF-A24D-FAAEF46FCBF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C33C92CA-36F6-4E7A-BFA8-638036FD890D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0168644-59E7-46D0-8CB2-96B00F11ADC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2325BBC-FA5C-417A-85E3-5B0A0DD99663}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D56CC344-E531-4139-9B9B-F0C01F3CA409}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D7785132-E819-4678-ABD8-56C038CCA7A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD673716-38C0-4FBB-9866-C9872770D5A2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DEA9904B-594F-4EEE-988C-D19697A864B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EFE2DE28-8E6D-42F3-9344-A54D20347093}" = lport=10244 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115AE-CD47-458A-BB62-8823D08D9851}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{049832E6-1800-471A-AF5F-6C845821BCB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1E666313-E3D4-4715-ADAD-447A2E20C0C6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3FB40E5F-61FB-4056-B93F-01B54BFC55B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{44B1256A-9EF9-47F0-87DF-2EF96970CAC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4C3D3814-CB74-4B85-B6B1-5777FE9C7B31}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{50DCCF9B-0A21-4BCC-82E2-6035E25CFBEF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5A125478-81B6-4C90-9CE5-E61DC3DACA24}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8B5756D2-938E-4B67-9CAF-E7E2CA7B4039}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{93F76A8F-BB4D-4CD3-907B-F96774709707}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{980C0DB2-0243-47C7-B126-8551C110F256}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{A64935B9-06C3-4627-92EC-CE89ED7B4E76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{C9AD2570-C4BA-46C0-9332-F6A85FCFD20B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CD33CC15-F9A0-426F-ACF0-5F0704F73254}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CED46412-83AF-4B53-959F-F735BAB00E1B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D0263A35-9753-4735-AA3D-43C64835B329}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DC6EF64C-7E1E-4F85-93C1-4EB1224BBC0C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E7CB68B9-C8A5-40EA-AC3C-FA69351CE3F0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{E7D9546A-207D-40A8-8429-C1C273B4E50E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E8FC58F6-7496-4308-9BFA-7BE61218B254}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{EB8F8B06-4C63-4543-A04A-F789C91E2B20}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F22A2463-3668-421B-9FA2-720CCE60D45B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FEE3C238-FDAB-4150-85DB-66BDA293DABA}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Filzip 3.0.6.93_is1" = Filzip 3.06
"Foxit Reader" = Foxit Reader
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Zattoo4" = Zattoo4 4.0.5
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 19:48:53 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 19:48:53 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 23.05.2010 10:49:45 | Computer Name = eugen-PC | Source = Mcx2Dvcs | ID = 401
Description =
 
Error - 02.06.2010 15:33:18 | Computer Name = eugen-PC | Source = McrMgr | ID = 107
Description =
 
[ System Events ]
Error - 02.01.2011 15:11:40 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.01.2011 15:50:02 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 03.01.2011 13:48:48 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 03.01.2011 14:01:47 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.01.2011 14:12:42 | Computer Name = eugen-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.01.2011 14:15:18 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

--- --- ---

rea 03.01.2011 20:24

I'd suggest you uninstall ZoneAlarm and use the Windows Firewall instead. Somehow ZoneAlarm keeps restoring the Conduit entries on your system; besides, using something like that isn't necessarily an advantage, and the Windows Firewall does a good job. I've dug out Cosinus' links on the topic of personal firewalls for you, in case you want to look into it in more detail:

Die Vertrauensbrecher: c't editorial on Internet security suites and why they are generally no good
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls › Wiki › ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de
microsoft.public.de.security.heimanwender FAQ

Once you've uninstalled ZA, I'd like to see new OTL logs from you again.

u-gin 03.01.2011 21:16

OK, said and done.

OTL Logfile:
Code:

OTL logfile created on: 03.01.2011 21:09:50 - Run 7
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,73 Gb Free Space | 30,90% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.03 19:23:58 | 006,827,264 | ---- | M] (Foxit Software Company) -- C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.03 19:33:08 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.02 00:19:16 | 000,000,939 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.03 19:07:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.03 19:23:58 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.03 21:07:43 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.01.03 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Foxit
[2011.01.03 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011.01.03 19:12:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.03 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.03 21:10:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.03 21:06:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.03 21:06:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 21:06:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 21:05:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.03 21:05:52 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.03 21:05:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.03 19:24:40 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 18:52:42 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
 
========== Files Created - No Company Name ==========
 
[2011.01.03 19:24:40 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit
[2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2011.01.03 21:05:03 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 03.01.2011 21:09:50 - Run 7
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,73 Gb Free Space | 30,90% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system |
"{12BA91D1-2014-42E8-A143-2BBDAAB28FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60B812F6-1288-4812-8090-B47CE0C7B32C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{69B4A7F7-3F6F-460E-8BB4-C0BA0031A9DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{714915FD-BC7C-422E-AB41-9A839652D705}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77CAA091-55E8-47CE-9E54-5EA7D8BFF448}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{842BB2BD-A78A-4564-AA6F-C94DA0AEDC0E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8A7629E3-78BA-4802-94BA-4B759DE10642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EF3C954-E937-448E-B898-E305B137CBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0C5B489-77A5-4403-A6A8-B9EDFB4643D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1062A3F-5019-4111-AFD1-9D20B7DD0A61}" = lport=3390 | protocol=6 | dir=in | app=system |
"{ABC32864-3591-4796-AA67-F6EB3AAF4D00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B58339CD-94E2-41DF-A24D-FAAEF46FCBF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C33C92CA-36F6-4E7A-BFA8-638036FD890D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0168644-59E7-46D0-8CB2-96B00F11ADC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2325BBC-FA5C-417A-85E3-5B0A0DD99663}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D56CC344-E531-4139-9B9B-F0C01F3CA409}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D7785132-E819-4678-ABD8-56C038CCA7A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD673716-38C0-4FBB-9866-C9872770D5A2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DEA9904B-594F-4EEE-988C-D19697A864B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EFE2DE28-8E6D-42F3-9344-A54D20347093}" = lport=10244 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115AE-CD47-458A-BB62-8823D08D9851}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{049832E6-1800-471A-AF5F-6C845821BCB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1E666313-E3D4-4715-ADAD-447A2E20C0C6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3FB40E5F-61FB-4056-B93F-01B54BFC55B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{44B1256A-9EF9-47F0-87DF-2EF96970CAC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4C3D3814-CB74-4B85-B6B1-5777FE9C7B31}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{50DCCF9B-0A21-4BCC-82E2-6035E25CFBEF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5A125478-81B6-4C90-9CE5-E61DC3DACA24}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8B5756D2-938E-4B67-9CAF-E7E2CA7B4039}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{93F76A8F-BB4D-4CD3-907B-F96774709707}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{980C0DB2-0243-47C7-B126-8551C110F256}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{A64935B9-06C3-4627-92EC-CE89ED7B4E76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{C9AD2570-C4BA-46C0-9332-F6A85FCFD20B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CD33CC15-F9A0-426F-ACF0-5F0704F73254}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CED46412-83AF-4B53-959F-F735BAB00E1B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D0263A35-9753-4735-AA3D-43C64835B329}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DC6EF64C-7E1E-4F85-93C1-4EB1224BBC0C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E7D9546A-207D-40A8-8429-C1C273B4E50E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EB8F8B06-4C63-4543-A04A-F789C91E2B20}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F22A2463-3668-421B-9FA2-720CCE60D45B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FEE3C238-FDAB-4150-85DB-66BDA293DABA}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Filzip 3.0.6.93_is1" = Filzip 3.06
"Foxit Reader" = Foxit Reader
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2010 13:40:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 13:40:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 23.05.2010 10:49:45 | Computer Name = eugen-PC | Source = Mcx2Dvcs | ID = 401
Description =
 
Error - 02.06.2010 15:33:18 | Computer Name = eugen-PC | Source = McrMgr | ID = 107
Description =
 
[ System Events ]
Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.01.2011 15:50:02 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 03.01.2011 13:48:48 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 03.01.2011 14:01:47 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.01.2011 14:12:42 | Computer Name = eugen-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.01.2011 14:15:18 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.01.2011 15:02:08 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 03.01.2011 16:04:49 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

--- --- ---

u-gin 03.01.2011 21:16

Said and done.
OTL Logfile:
Code:

OTL logfile created on: 03.01.2011 21:09:50 - Run 7
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,73 Gb Free Space | 30,90% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.03 19:23:58 | 006,827,264 | ---- | M] (Foxit Software Company) -- C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.03 19:33:08 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.02 00:19:16 | 000,000,939 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.03 19:07:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.03 19:23:58 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.03 21:07:43 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.01.03 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Foxit
[2011.01.03 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011.01.03 19:12:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.03 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.03 21:10:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.03 21:06:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.03 21:06:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 21:06:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 21:05:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.03 21:05:52 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.03 21:05:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.03 19:24:40 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 18:52:42 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
 
========== Files Created - No Company Name ==========
 
[2011.01.03 19:24:40 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit
[2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2011.01.03 21:05:03 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 03.01.2011 21:09:50 - Run 7
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,73 Gb Free Space | 30,90% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system |
"{12BA91D1-2014-42E8-A143-2BBDAAB28FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60B812F6-1288-4812-8090-B47CE0C7B32C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{69B4A7F7-3F6F-460E-8BB4-C0BA0031A9DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{714915FD-BC7C-422E-AB41-9A839652D705}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77CAA091-55E8-47CE-9E54-5EA7D8BFF448}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{842BB2BD-A78A-4564-AA6F-C94DA0AEDC0E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8A7629E3-78BA-4802-94BA-4B759DE10642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EF3C954-E937-448E-B898-E305B137CBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0C5B489-77A5-4403-A6A8-B9EDFB4643D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1062A3F-5019-4111-AFD1-9D20B7DD0A61}" = lport=3390 | protocol=6 | dir=in | app=system |
"{ABC32864-3591-4796-AA67-F6EB3AAF4D00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B58339CD-94E2-41DF-A24D-FAAEF46FCBF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C33C92CA-36F6-4E7A-BFA8-638036FD890D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0168644-59E7-46D0-8CB2-96B00F11ADC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2325BBC-FA5C-417A-85E3-5B0A0DD99663}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D56CC344-E531-4139-9B9B-F0C01F3CA409}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D7785132-E819-4678-ABD8-56C038CCA7A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD673716-38C0-4FBB-9866-C9872770D5A2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DEA9904B-594F-4EEE-988C-D19697A864B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EFE2DE28-8E6D-42F3-9344-A54D20347093}" = lport=10244 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115AE-CD47-458A-BB62-8823D08D9851}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{049832E6-1800-471A-AF5F-6C845821BCB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1E666313-E3D4-4715-ADAD-447A2E20C0C6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3FB40E5F-61FB-4056-B93F-01B54BFC55B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{44B1256A-9EF9-47F0-87DF-2EF96970CAC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4C3D3814-CB74-4B85-B6B1-5777FE9C7B31}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{50DCCF9B-0A21-4BCC-82E2-6035E25CFBEF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5A125478-81B6-4C90-9CE5-E61DC3DACA24}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8B5756D2-938E-4B67-9CAF-E7E2CA7B4039}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{93F76A8F-BB4D-4CD3-907B-F96774709707}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{980C0DB2-0243-47C7-B126-8551C110F256}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{A64935B9-06C3-4627-92EC-CE89ED7B4E76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{C9AD2570-C4BA-46C0-9332-F6A85FCFD20B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CD33CC15-F9A0-426F-ACF0-5F0704F73254}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CED46412-83AF-4B53-959F-F735BAB00E1B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D0263A35-9753-4735-AA3D-43C64835B329}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DC6EF64C-7E1E-4F85-93C1-4EB1224BBC0C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E7D9546A-207D-40A8-8429-C1C273B4E50E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EB8F8B06-4C63-4543-A04A-F789C91E2B20}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F22A2463-3668-421B-9FA2-720CCE60D45B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FEE3C238-FDAB-4150-85DB-66BDA293DABA}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Filzip 3.0.6.93_is1" = Filzip 3.06
"Foxit Reader" = Foxit Reader
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2010 13:40:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 13:40:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 23.05.2010 10:49:45 | Computer Name = eugen-PC | Source = Mcx2Dvcs | ID = 401
Description =
 
Error - 02.06.2010 15:33:18 | Computer Name = eugen-PC | Source = McrMgr | ID = 107
Description =
 
[ System Events ]
Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.01.2011 15:50:02 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 03.01.2011 13:48:48 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 03.01.2011 14:01:47 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.01.2011 14:12:42 | Computer Name = eugen-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.01.2011 14:15:18 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.01.2011 15:02:08 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 03.01.2011 16:04:49 | Computer Name = eugen-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

--- --- ---

rea 03.01.2011 21:33

1.) Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents of the following code box into the Custom Scans/Fixes text box.


    Code:

    :OTL
    FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
    [2010.12.02 00:19:16 | 000,000,939 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml
    :Commands
    [EMPTYTEMP]

  • Now please close all programs.
  • Now please click the Fix button.
  • Click OK.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread, in code tags.

2.) Windows updates

Please visit the Microsoft Update page with Internet Explorer and use the custom search to download all the updates offered.

Alternatively, you can also download the updates with Mozilla Firefox, but you will need the IE View add-on for that.

Create new logs with OTL, but post only the OTL.txt for me.

u-gin 03.01.2011 21:56

OK, the fix file:
All processes killed
========== OTL ==========
Prefs.js: "ZoneAlarm Security Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ZoneAlarm Security Customized Web Search" removed from browser.search.selectedEngine
C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: eugen
->Temp folder emptied: 5806630 bytes
->Temporary Internet Files folder emptied: 114654 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43327161 bytes
->Flash cache emptied: 456 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47,00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 01032011_215211

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

u-gin 03.01.2011 22:02

So when I try to run Windows updates, your link tells me to try under Start - All Programs - Windows Update; there it says no important updates are available.
What now?

rea 03.01.2011 22:27

That's okay, post the OTL log for me.

u-gin 04.01.2011 18:54

OK, here is the OTL log: OTL Logfile:
Code:

OTL logfile created on: 04.01.2011 18:43:21 - Run 8
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,63 Gb Free Space | 30,76% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.03 21:56:41 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.03 21:56:37 | 000,000,000 | ---D | M] (IE View) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.03 19:07:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.03 19:23:58 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.03 21:07:43 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.01.03 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Foxit
[2011.01.03 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011.01.03 19:12:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.03 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.04 18:42:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.04 18:42:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.04 18:42:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.04 18:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.04 18:42:28 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.04 01:04:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.04 00:10:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.03 21:53:58 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
 
========== Files Created - No Company Name ==========
 
[2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit
[2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2011.01.04 01:04:12 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

u-gin 04.01.2011 18:54

So here is the OTL log: OTL Logfile:
Code:

OTL logfile created on: 04.01.2011 18:43:21 - Run 8
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,63 Gb Free Space | 30,76% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
 
Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
 
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.03 21:56:41 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.03 21:56:37 | 000,000,000 | ---D | M] (IE View) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.03 19:07:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.03 19:23:58 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.03 21:07:43 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.01.03 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Foxit
[2011.01.03 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011.01.03 19:12:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.03 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.04 18:42:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.04 18:42:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.04 18:42:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.04 18:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.04 18:42:28 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.04 01:04:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.04 00:10:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.03 21:53:58 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
 
========== Files Created - No Company Name ==========
 
[2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll
[2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache
[2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini
[2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics
[2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint
[2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit
[2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ
[2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView
[2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org
[2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3
[2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV
[2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird
[2011.01.04 01:04:12 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

rea 04.01.2011 19:35

Okay, done :) Then we should be finished. To wrap up, here are the final steps for you:



1.) Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Double-click OTL.exe to run the program.
  • Click the "CleanUp!" button.
  • OTL may ask for a restart.
    If it does, please allow it.

Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.





2.) Empty System Restore
  • Start --> All Programs --> Accessories --> System Tools --> System Restore
  • Select "Create a restore point" => Next
  • Give the point a memorable name (e.g. Cleanup) --> Create --> Close.
  • Start --> Run --> type cleanmgr --> OK --> "More Options" tab
  • Under System Restore, click "Clean up" and confirm the deletion with Yes --> OK





And for the future: Security on the Internet

u-gin 04.01.2011 19:57

Hey, that's great, thank you!
Could you maybe tell me briefly, in layman's terms, what was going on there?

rea 04.01.2011 20:22

We removed the remnants of your malware attack, also corrected a few Internet settings and removed all the absolutely superfluous Conduit and toolbar stuff (ZoneAlarm as well). We also looked for rootkits, but found none so far.
Roughly speaking, nothing serious was going on, but we were able to solve the problem that brought you here :)

u-gin 04.01.2011 20:53

Now that's what I call an expert ("Fachmann"),
I had already been on several sites, nobody could help me,
I was even partly ignored.
Do you actually do this professionally?

rea 04.01.2011 21:03

I completed a training course that I did on the web in my free time.

Professionally I have nothing to do with IT, apart from printing out forms :blabla:

And btw, I can't let that stand: woman, please ;) Glad I could help!

u-gin 04.01.2011 21:37

Oh, I'm very sorry about the "mann" ;)
So if you ever need help with a plasma, LCD or LED set, feel free to write to me! (I repair those things on site ;))
I can't offer you much more for now other than a big thank-you, and keep it up!

rea 04.01.2011 21:45

You're welcome :)


All times are WET +1.
