Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Java-Virus JAVA/Stutter.E

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.06.2011, 23:52   #1
kabuschi
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



Hallo, und vielen Dank, dass es dieses Forum gibt.

Es hat sich der Virus JAVA/Stutter.E eingeschlichen, den ich in Quarantäne geschoben habe.
Wie kann ich ihn richtig beseitigen und erkennen, ob es noch andere Viren gibt.
Die Systemsteuerung lässt sich nicht mehr öffnen (weißes Fenster ohne Rückmeldung) und das Symbol von Antivir hat in der Start-Menü-Leiste keinen geöffneten Regenschirm mehr (nur noch geschlossener Regenschirm), obwohl aktiv.

Alt 30.06.2011, 11:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



Zitat:
Es hat sich der Virus JAVA/Stutter.E eingeschlichen, den ich in Quarantäne geschoben habe.
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.
Mach auch bitte einen Vollscan mit Malwarebytes und poste das Log.
__________________

__________________

Alt 30.06.2011, 13:44   #3
kabuschi
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



hier sind die Logs.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6985

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

30.06.2011 12:25:23
mbam-log-2011-06-30 (12-25-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 330521
Laufzeit: 1 Stunde(n), 17 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\***\alt\***\programme\mp3wandler\eac-0.99pb4.exe (Adware.Yabector) -> Quarantined and deleted successfully.
c:\Users\***\***\programme\mp3wandler\eac-0.99pb4.exe (Adware.Yabector) -> Quarantined and deleted successfully.
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:38 on 29/06/2011 (D)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.06.2011 21:51:42 - Run 1
OTL by OldTimer - Version 3.2.24.2     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,62 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 71,51% Memory free
5,46 Gb Paging File | 4,78 Gb Available in Paging File | 87,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64,41 Gb Total Space | 9,01 Gb Free Space | 13,99% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,36 Gb Free Space | 53,62% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.29 21:46:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.06.29 15:39:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.29 22:51:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.18 18:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2011.02.18 18:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe
PRC - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.02.15 17:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.11.04 16:16:07 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2006.11.05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006.11.05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.29 21:46:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2011.02.15 17:25:56 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2010.11.29 21:36:22 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010.11.29 21:36:22 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.06.29 15:39:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 22:51:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 18:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010.03.29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.29 15:39:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 15:39:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.05.15 17:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.05.14 22:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.02.08 20:05:32 | 000,030,680 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLAPMonM.SYS -- (DLAPMonM)
DRV - [2007.02.08 20:05:32 | 000,013,624 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLADiagM.SYS -- (DLADiagM)
DRV - [2007.02.08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007.02.08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.26 16:22:00 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006.10.26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.10.26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006.10.26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.10.26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.10.26 16:21:28 | 000,033,592 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLADHK_M.SYS -- (DLADHK_M)
DRV - [2006.10.26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.10.26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.10.26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.09.25 17:27:28 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2006.09.25 17:27:28 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) DMT USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.03.18 11:03:52 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DLADiag] C:\Windows\DLADiag.EXE (Roxio)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [WatcherBIN]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Users\***\***\PROGRA~1\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.29 21:46:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.06.14 17:37:24 | 000,000,000 | --SD | C] -- C:\Users\***\Documents\Eigene Datenquellen
[2011.06.14 17:35:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SunODFPluginforMicrosoftOffice
[2011.01.06 21:24:22 | 006,331,338 | ---- | C] (G DATA Software AG) -- C:\Program Files\WebSpeech4.exe
[2010.09.09 15:01:22 | 001,234,224 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimePlayer.exe
[2010.09.09 15:01:22 | 000,800,048 | ---- | C] (Apple Inc.) -- C:\Program Files\QTPlugin.ocx
[2010.09.09 14:55:18 | 007,841,056 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimePlayer.dll
[2010.09.09 14:55:16 | 000,369,952 | ---- | C] (Apple Inc.) -- C:\Program Files\QTUIPanelControl.dll
[2010.09.09 14:55:14 | 000,894,240 | ---- | C] (Apple Inc.) -- C:\Program Files\QTOControl.dll
[2010.09.09 14:55:14 | 000,824,608 | ---- | C] (Apple Inc.) -- C:\Program Files\QTInfo.exe
[2010.09.09 14:55:14 | 000,820,512 | ---- | C] (Apple Inc.) -- C:\Program Files\QTOLibrary.dll
[2010.09.08 12:17:42 | 000,421,888 | ---- | C] (Apple Inc.) -- C:\Program Files\QTTask.exe
[2010.09.08 12:17:38 | 000,561,152 | ---- | C] (Apple Inc.) -- C:\Program Files\PictureViewer.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.29 21:46:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.06.29 21:42:22 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.29 21:42:22 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.29 21:42:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.29 21:42:00 | 2816,524,288 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.29 21:17:43 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.06.29 21:16:46 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.06.29 17:26:29 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2011.06.29 15:39:04 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.06.29 15:39:04 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.06.27 09:44:58 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.27 09:44:58 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.27 09:44:58 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.27 09:44:58 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.21 13:57:28 | 000,126,889 | ---- | M] () -- C:\Users\***\Desktop\frisur.jpg
[2011.06.16 13:45:15 | 115,954,465 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.06.08 15:50:43 | 000,104,526 | ---- | M] () -- C:\Users\***\Desktop\Ueberweisungsbestätigung.jpg
 
========== Files Created - No Company Name ==========
 
[2011.06.29 21:17:43 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.06.29 21:16:44 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.06.29 17:26:29 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp
[2011.06.21 14:00:49 | 000,126,889 | ---- | C] () -- C:\Users\***\Desktop\frisur.jpg
[2011.06.08 15:46:22 | 000,104,526 | ---- | C] () -- C:\Users\***\Desktop\Ueberweisungsbestätigung.jpg
[2010.11.05 19:11:19 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.09.10 18:02:56 | 000,010,180 | ---- | C] () -- C:\Program Files\QuickTime Read Me.htm
[2010.09.08 12:17:44 | 000,055,622 | ---- | C] () -- C:\Program Files\Sample.mov
[2010.09.08 12:17:44 | 000,018,663 | ---- | C] () -- C:\Program Files\Sample.qtif
[2010.08.04 16:55:44 | 000,000,001 | ---- | C] () -- C:\Windows\System32\InprocServer32.dll
[2010.06.29 00:14:54 | 000,107,626 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.06.25 08:18:47 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2010.06.25 08:18:47 | 000,000,150 | ---- | C] () -- C:\Windows\wininit.ini
[2010.06.15 22:54:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.15 12:26:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.15 12:26:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.14 22:25:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.14 17:56:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.14 14:15:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.05.14 21:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.05.14 21:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.05.14 21:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.05.14 21:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.08.07 01:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 17:38:05 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:38:05 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,287,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
 
========== LOP Check ==========
 
[2011.04.28 00:47:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.03.18 10:44:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2010.11.05 18:31:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.11.05 18:43:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2010.06.16 15:27:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu
[2010.07.12 14:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.06.21 14:01:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView
[2011.06.29 21:41:53 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.06.14 14:29:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.06.14 14:39:03 | 000,000,000 | ---D | M] -- C:\1d6c81bfa23fd065041b4a61545a
[2010.06.16 15:52:49 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.06.14 14:20:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.06.14 22:20:08 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.06.14 15:15:18 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.18 10:52:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2010.11.29 21:36:55 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.06.14 14:20:52 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.06.29 21:52:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.14 14:29:32 | 000,000,000 | R--D | M] -- C:\Users
[2010.06.14 22:46:31 | 000,000,000 | ---D | M] -- C:\Webabfrage
[2011.06.16 13:45:15 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2010.09.08 12:17:38 | 000,561,152 | ---- | M] (Apple Inc.) -- C:\Program Files\PictureViewer.exe
[2010.09.09 14:55:14 | 000,824,608 | ---- | M] (Apple Inc.) -- C:\Program Files\QTInfo.exe
[2010.09.08 12:17:42 | 000,421,888 | ---- | M] (Apple Inc.) -- C:\Program Files\QTTask.exe
[2010.09.09 15:01:22 | 001,234,224 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTimePlayer.exe
[2011.01.06 17:09:03 | 006,331,338 | ---- | M] (G DATA Software AG) -- C:\Program Files\WebSpeech4.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-04 10:11:38

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.06.2011 21:51:42 - Run 1
OTL by OldTimer - Version 3.2.24.2     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,62 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 71,51% Memory free
5,46 Gb Paging File | 4,78 Gb Available in Paging File | 87,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64,41 Gb Total Space | 9,01 Gb Free Space | 13,99% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,36 Gb Free Space | 53,62% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Users\***\***\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Users\***\***\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\***\***\Programme\MoviePlayer\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Users\***\***\Programme\DM-Drogerie\alt\dm Fotowelt\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Users\***\***\Programme\DM-Drogerie\alt\dm Fotowelt\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\***\***\Programme\MoviePlayer\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{49BB321E-BC22-4DCB-8A4F-ECCFCBA75B02}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{910FF0A8-11A3-4124-BD95-C19DC322FEF7}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{A11598F4-A8AA-4944-B58A-C3EA310B9E5C}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9307C98E-269D-4B85-A331-3E74E123CB67}" = DP L10 Utility
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{C32D70D8-54F0-4152-B68E-12AB49061263}" = DMT Utility
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"dm-Fotowelt" = dm-Fotowelt
"DMTCOMM&0489&E003" = DMT USB to UART Bridge Controller
"druckstdu.de Designer 1.5.1_is1" = druckstdu.de Designer 1.5.1
"druckstdu.de Designer_is1" = druckstdu.de Designdatei
"FKC22153088_is1" = fotokasten comfort
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"LHTTSGED" = L&H TTS3000 Deutsch
"Lidl-Fotos_is1" = Lidl-Fotos
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"VLC media player" = VLC media player 1.1.0
"ws4.webspeech" = G DATA WebSpeech 4
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2011 11:15:49 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 53c  Anfangszeit: 01cc366f313565ac  Zeitpunkt
 der Beendigung: 125
 
Error - 29.06.2011 11:16:45 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 848  Anfangszeit: 01cc366f6d799961  Zeitpunkt
 der Beendigung: 31
 
Error - 29.06.2011 11:17:22 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: ef0  Anfangszeit: 01cc366f8d4ebf05  Zeitpunkt
 der Beendigung: 63
 
Error - 29.06.2011 11:18:19 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: a24  Anfangszeit: 01cc366fa5133035  Zeitpunkt
 der Beendigung: 47
 
Error - 29.06.2011 11:22:53 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: a58  Anfangszeit: 01cc366fc6aaf24b  Zeitpunkt
 der Beendigung: 47
 
Error - 29.06.2011 11:31:08 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 7d8  Anfangszeit: 01cc36706a1b76c6  Zeitpunkt
 der Beendigung: 47
 
Error - 29.06.2011 11:47:04 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: edc  Anfangszeit: 01cc367191486e92  Zeitpunkt
 der Beendigung: 62
 
Error - 29.06.2011 11:47:27 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm Explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 6b0  Anfangszeit: 01cc3673cb4ca5ed  Zeitpunkt
 der Beendigung: 16
 
Error - 29.06.2011 11:53:46 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: b68  Anfangszeit: 01cc3673cb3bf577  Zeitpunkt
 der Beendigung: 47
 
Error - 29.06.2011 11:54:37 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: c8  Anfangszeit: 01cc3674baf6068e  Zeitpunkt 
der Beendigung: 375
 
[ System Events ]
Error - 26.07.2010 02:23:56 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 26.07.2010 02:23:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.07.2010 13:43:56 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.07.2010 13:43:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.08.2010 01:47:25 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 02.08.2010 01:47:25 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.08.2010 07:45:14 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 03.08.2010 08:00:29 | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 03.08.2010 08:00:29 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 03.08.2010 08:00:29 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Geändert von cosinus (30.06.2011 um 13:52 Uhr) Grund: 1x extras und 1x OLT.txt reicht

Alt 30.06.2011, 13:50   #4
kabuschi
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



und hier noch die anderen.


[code]
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-29 22:51:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK8037GSX rev.DL240D
Running: ybbjneht.exe; Driver: C:\Users\***\AppData\Local\Temp\pxldipob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwAlpcConnectPort [0x8E467570]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwAlpcCreatePort [0x8E467E46]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwConnectPort [0x8E466FC6]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwCreateFile [0x8E460884]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwCreateKey [0x8E481FA8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwCreatePort [0x8E467AD0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwCreateProcess [0x8E47BE42]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwCreateProcessEx [0x8E47C26A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwCreateSection [0x8E4866FE]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwCreateWaitablePort [0x8E467C2E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwDeleteFile [0x8E4615B4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwDeleteKey [0x8E483A50]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwDeleteValueKey [0x8E483346]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwDuplicateObject [0x8E47AC26]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwLoadKey [0x8E48441A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwLoadKey2 [0x8E484658]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwLoadKeyEx [0x8E484B0A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwOpenFile [0x8E46116C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwOpenProcess [0x8E47E358]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwOpenThread [0x8E47DF46]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwRenameKey [0x8E4854E0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwReplaceKey [0x8E484DD4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwRequestWaitReplyPort [0x8E466B5E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwRestoreKey [0x8E485F40]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwSecureConnectPort [0x8E467292]
SSDT            8E1B4413                                                                                                                     ZwSetContextThread
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwSetInformationFile [0x8E4619BE]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwSetSecurityObject [0x8E485A68]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwSetValueKey [0x8E482A6A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwSystemDebugControl [0x8E47CF66]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwTerminateProcess [0x8E47CC96]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)               ZwCreateUserProcess [0x8E47C6DE]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                                                81CB68A0 8 Bytes  [70, 75, 46, 8E, 46, 7E, 46, ...]
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                                                81CB6924 4 Bytes  [C6, 6F, 46, 8E]
.text           ntkrnlpa.exe!KeSetEvent + 1D9                                                                                                81CB693C 4 Bytes  [84, 08, 46, 8E]
.text           ntkrnlpa.exe!KeSetEvent + 1E9                                                                                                81CB694C 4 Bytes  JMP C9EB11D2 
.text           ntkrnlpa.exe!KeSetEvent + 205                                                                                                81CB6968 12 Bytes  [D0, 7A, 46, 8E, 42, BE, 47, ...]
.text           ...                                                                                                                          

---- User code sections - GMER 1.0.15 ----

.text           C:\Users\***\Desktop\ybbjneht.exe[192] ntdll.dll!NtAccessCheckByType                                                           777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\Desktop\ybbjneht.exe[192] ntdll.dll!NtAlpcImpersonateClientOfPort                                                 777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\Desktop\ybbjneht.exe[192] ntdll.dll!NtImpersonateClientOfPort                                                     777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\Desktop\ybbjneht.exe[192] ntdll.dll!NtSetInformationProcess                                                       777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\Desktop\ybbjneht.exe[192] kernel32.dll!OpenProcess                                                                76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\Desktop\ybbjneht.exe[192] USER32.dll!FindWindowA                                                                  772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\Desktop\ybbjneht.exe[192] USER32.dll!FindWindowW                                                                  772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\Desktop\ybbjneht.exe[192] ADVAPI32.dll!ImpersonateNamedPipeClient                                                 773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\Desktop\ybbjneht.exe[192] ADVAPI32.dll!SetThreadToken                                                             773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[280] ntdll.dll!NtAccessCheckByType                                                           777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[280] ntdll.dll!NtAlpcImpersonateClientOfPort                                                 777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[280] ntdll.dll!NtImpersonateClientOfPort                                                     777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[280] ntdll.dll!NtSetInformationProcess                                                       777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[280] kernel32.dll!OpenProcess                                                                76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!ImpersonateNamedPipeClient                                                 773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!SetThreadToken                                                             773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[280] USER32.dll!FindWindowA                                                                  772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\taskeng.exe[280] USER32.dll!FindWindowW                                                                  772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[412] ntdll.dll!NtAccessCheckByType                                                           777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[412] ntdll.dll!NtAlpcImpersonateClientOfPort                                                 777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[412] ntdll.dll!NtImpersonateClientOfPort                                                     777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[412] ntdll.dll!NtSetInformationProcess                                                       777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[412] kernel32.dll!OpenProcess                                                                76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[412] ADVAPI32.dll!ImpersonateNamedPipeClient                                                 773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[412] ADVAPI32.dll!SetThreadToken                                                             773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[412] USER32.dll!FindWindowA                                                                  772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[412] USER32.dll!FindWindowW                                                                  772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[492] ntdll.dll!NtAccessCheckByType                                                           777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[492] ntdll.dll!NtAlpcImpersonateClientOfPort                                                 777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[492] ntdll.dll!NtImpersonateClientOfPort                                                     777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[492] ntdll.dll!NtSetInformationProcess                                                       777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[492] kernel32.dll!OpenProcess                                                                76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[492] ADVAPI32.dll!ImpersonateNamedPipeClient                                                 773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[492] ADVAPI32.dll!SetThreadToken                                                             773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[492] USER32.dll!FindWindowA                                                                  772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[492] USER32.dll!FindWindowW                                                                  772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[568] ntdll.dll!NtAccessCheckByType                                                          777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[568] ntdll.dll!NtAlpcImpersonateClientOfPort                                                777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[568] ntdll.dll!NtImpersonateClientOfPort                                                    777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[568] ntdll.dll!NtSetInformationProcess                                                      777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[568] kernel32.dll!OpenProcess                                                               76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[568] ADVAPI32.dll!ImpersonateNamedPipeClient                                                773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[568] ADVAPI32.dll!SetThreadToken                                                            773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[568] USER32.dll!FindWindowA                                                                 772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[568] USER32.dll!FindWindowW                                                                 772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[584] ntdll.dll!NtAccessCheckByType                                                             777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[584] ntdll.dll!NtAlpcImpersonateClientOfPort                                                   777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[584] ntdll.dll!NtImpersonateClientOfPort                                                       777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[584] ntdll.dll!NtSetInformationProcess                                                         777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[584] ADVAPI32.dll!ImpersonateNamedPipeClient                                                   773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[584] ADVAPI32.dll!SetThreadToken                                                               773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[584] USER32.dll!FindWindowA                                                                    772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[584] USER32.dll!FindWindowW                                                                    772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[592] ntdll.dll!NtAccessCheckByType                                                               777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[592] ntdll.dll!NtAlpcImpersonateClientOfPort                                                     777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[592] ntdll.dll!NtImpersonateClientOfPort                                                         777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[592] ntdll.dll!NtSetInformationProcess                                                           777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[592] kernel32.dll!OpenProcess                                                                    76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[592] ADVAPI32.dll!ImpersonateNamedPipeClient                                                     773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[592] ADVAPI32.dll!SetThreadToken                                                                 773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[592] USER32.dll!FindWindowA                                                                      772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[592] USER32.dll!FindWindowW                                                                      772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[772] ntdll.dll!NtAccessCheckByType                                                           777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[772] ntdll.dll!NtAlpcImpersonateClientOfPort                                                 777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[772] ntdll.dll!NtImpersonateClientOfPort                                                     777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[772] ntdll.dll!NtSetInformationProcess                                                       777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[772] kernel32.dll!OpenProcess                                                                76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!ImpersonateNamedPipeClient                                                 773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!SetThreadToken                                                             773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[772] USER32.dll!FindWindowA                                                                  772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[772] USER32.dll!FindWindowW                                                                  772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[888] ntdll.dll!NtAccessCheckByType                                                           777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[888] ntdll.dll!NtAlpcImpersonateClientOfPort                                                 777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[888] ntdll.dll!NtImpersonateClientOfPort                                                     777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[888] ntdll.dll!NtSetInformationProcess                                                       777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[888] kernel32.dll!OpenProcess                                                                76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ImpersonateNamedPipeClient                                                 773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!SetThreadToken                                                             773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[888] USER32.dll!FindWindowA                                                                  772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[888] USER32.dll!FindWindowW                                                                  772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[896] ntdll.dll!NtAccessCheckByType                                                     777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[896] ntdll.dll!NtAlpcImpersonateClientOfPort                                           777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[896] ntdll.dll!NtImpersonateClientOfPort                                               777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[896] ntdll.dll!NtSetInformationProcess                                                 777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[896] kernel32.dll!OpenProcess                                                          76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[896] ADVAPI32.dll!ImpersonateNamedPipeClient                                           773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[896] ADVAPI32.dll!SetThreadToken                                                       773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[896] USER32.dll!FindWindowA                                                            772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\SearchIndexer.exe[896] USER32.dll!FindWindowW                                                            772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[992] ntdll.dll!NtAccessCheckByType                                                           777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[992] ntdll.dll!NtAlpcImpersonateClientOfPort                                                 777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[992] ntdll.dll!NtImpersonateClientOfPort                                                     777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[992] ntdll.dll!NtSetInformationProcess                                                       777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[992] kernel32.dll!OpenProcess                                                                76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!ImpersonateNamedPipeClient                                                 773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!SetThreadToken                                                             773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[992] USER32.dll!FindWindowA                                                                  772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[992] USER32.dll!FindWindowW                                                                  772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtAccessCheckByType                                                          777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtAlpcImpersonateClientOfPort                                                777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtImpersonateClientOfPort                                                    777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtSetInformationProcess                                                      777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1084] kernel32.dll!OpenProcess                                                               76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ImpersonateNamedPipeClient                                                773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!SetThreadToken                                                            773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1084] USER32.dll!FindWindowA                                                                 772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1084] USER32.dll!FindWindowW                                                                 772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtAccessCheckByType                                                          777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtAlpcImpersonateClientOfPort                                                777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtImpersonateClientOfPort                                                    777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtSetInformationProcess                                                      777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1100] kernel32.dll!OpenProcess                                                               76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!ImpersonateNamedPipeClient                                                773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!SetThreadToken                                                            773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1100] USER32.dll!FindWindowA                                                                 772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1100] USER32.dll!FindWindowW                                                                 772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtAccessCheckByType                                                          777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtAlpcImpersonateClientOfPort                                                777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtImpersonateClientOfPort                                                    777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtSetInformationProcess                                                      777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1248] kernel32.dll!OpenProcess                                                               76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!ImpersonateNamedPipeClient                                                773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!SetThreadToken                                                            773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1248] USER32.dll!FindWindowA                                                                 772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1248] USER32.dll!FindWindowW                                                                 772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtAccessCheckByType                                                          777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtAlpcImpersonateClientOfPort                                                777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtImpersonateClientOfPort                                                    777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtSetInformationProcess                                                      777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1380] kernel32.dll!OpenProcess                                                               76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!ImpersonateNamedPipeClient                                                773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!SetThreadToken                                                            773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1380] USER32.dll!FindWindowA                                                                 772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1380] USER32.dll!FindWindowW                                                                 772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtAccessCheckByType                                                          777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtAlpcImpersonateClientOfPort                                                777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtImpersonateClientOfPort                                                    777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtSetInformationProcess                                                      777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1488] kernel32.dll!OpenProcess                                                               76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!ImpersonateNamedPipeClient                                                773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!SetThreadToken                                                            773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1488] USER32.dll!FindWindowA                                                                 772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1488] USER32.dll!FindWindowW                                                                 772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1756] kernel32.dll!OpenProcess                                           76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1756] USER32.dll!IsWindowUnicode + 37                                    772E90B5 5 Bytes  JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1832] ntdll.dll!NtAccessCheckByType                                                          777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1832] ntdll.dll!NtAlpcImpersonateClientOfPort                                                777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1832] ntdll.dll!NtImpersonateClientOfPort                                                    777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1832] ntdll.dll!NtSetInformationProcess                                                      777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1832] kernel32.dll!OpenProcess                                                               76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1832] ADVAPI32.dll!ImpersonateNamedPipeClient                                                773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1832] ADVAPI32.dll!SetThreadToken                                                            773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1832] USER32.dll!FindWindowA                                                                 772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[1832] USER32.dll!FindWindowW                                                                 772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtAccessCheckByType                                                          777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtAlpcImpersonateClientOfPort                                                777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtImpersonateClientOfPort                                                    777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtSetInformationProcess                                                      777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1868] kernel32.dll!OpenProcess                                                               76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1868] ADVAPI32.dll!ImpersonateNamedPipeClient                                                773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1868] ADVAPI32.dll!SetThreadToken                                                            773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1868] USER32.dll!FindWindowA                                                                 772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1868] USER32.dll!FindWindowW                                                                 772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1876] ntdll.dll!NtAccessCheckByType                                                          777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1876] ntdll.dll!NtAlpcImpersonateClientOfPort                                                777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1876] ntdll.dll!NtImpersonateClientOfPort                                                    777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1876] ntdll.dll!NtSetInformationProcess                                                      777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1876] kernel32.dll!OpenProcess                                                               76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1876] ADVAPI32.dll!ImpersonateNamedPipeClient                                                773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1876] ADVAPI32.dll!SetThreadToken                                                            773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1876] USER32.dll!FindWindowA                                                                 772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[1876] USER32.dll!FindWindowW                                                                 772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ntdll.dll!NtAccessCheckByType                                  777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ntdll.dll!NtAlpcImpersonateClientOfPort                        777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ntdll.dll!NtImpersonateClientOfPort                            777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ntdll.dll!NtSetInformationProcess                              777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] kernel32.dll!SetUnhandledExceptionFilter                       7647A84F 5 Bytes  JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] kernel32.dll!OpenProcess                                       76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] USER32.dll!FindWindowA                                         772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] USER32.dll!FindWindowW                                         772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ADVAPI32.dll!ImpersonateNamedPipeClient                        773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ADVAPI32.dll!SetThreadToken                                    773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[2184] ntdll.dll!NtAccessCheckByType                                                          777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[2184] ntdll.dll!NtAlpcImpersonateClientOfPort                                                777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[2184] ntdll.dll!NtImpersonateClientOfPort                                                    777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[2184] ntdll.dll!NtSetInformationProcess                                                      777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[2184] kernel32.dll!OpenProcess                                                               76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[2184] USER32.dll!FindWindowA                                                                 772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[2184] USER32.dll!FindWindowW                                                                 772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[2184] ADVAPI32.dll!ImpersonateNamedPipeClient                                                773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[2184] ADVAPI32.dll!SetThreadToken                                                            773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ntdll.dll!NtAccessCheckByType                                         777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ntdll.dll!NtAlpcImpersonateClientOfPort                               777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ntdll.dll!NtImpersonateClientOfPort                                   777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ntdll.dll!NtSetInformationProcess                                     777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] kernel32.dll!OpenProcess                                              76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] USER32.dll!FindWindowA                                                772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] USER32.dll!FindWindowW                                                772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ADVAPI32.dll!ImpersonateNamedPipeClient                               773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ADVAPI32.dll!SetThreadToken                                           773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ntdll.dll!NtAccessCheckByType                      777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ntdll.dll!NtAlpcImpersonateClientOfPort            777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ntdll.dll!NtImpersonateClientOfPort                777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ntdll.dll!NtSetInformationProcess                  777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] kernel32.dll!OpenProcess                           76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] USER32.dll!FindWindowA                             772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] USER32.dll!FindWindowW                             772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ADVAPI32.dll!ImpersonateNamedPipeClient            773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ADVAPI32.dll!SetThreadToken                        773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ntdll.dll!NtAccessCheckByType               777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ntdll.dll!NtAlpcImpersonateClientOfPort     777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ntdll.dll!NtImpersonateClientOfPort         777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ntdll.dll!NtSetInformationProcess           777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] kernel32.dll!OpenProcess                    76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] USER32.dll!FindWindowA                      772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] USER32.dll!FindWindowW                      772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ADVAPI32.dll!ImpersonateNamedPipeClient     773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ADVAPI32.dll!SetThreadToken                 773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ntdll.dll!NtAccessCheckByType            777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ntdll.dll!NtAlpcImpersonateClientOfPort  777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ntdll.dll!NtImpersonateClientOfPort      777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ntdll.dll!NtSetInformationProcess        777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] kernel32.dll!OpenProcess                 76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] USER32.dll!FindWindowA                   772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] USER32.dll!FindWindowW                   772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ADVAPI32.dll!ImpersonateNamedPipeClient  773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ADVAPI32.dll!SetThreadToken              773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ntdll.dll!NtAccessCheckByType                               777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ntdll.dll!NtAlpcImpersonateClientOfPort                     777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ntdll.dll!NtImpersonateClientOfPort                         777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ntdll.dll!NtSetInformationProcess                           777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] kernel32.dll!OpenProcess                                    76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ADVAPI32.dll!ImpersonateNamedPipeClient                     773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ADVAPI32.dll!SetThreadToken                                 773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] USER32.dll!FindWindowA                                      772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] USER32.dll!FindWindowW                                      772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ntdll.dll!NtAccessCheckByType                                       777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ntdll.dll!NtAlpcImpersonateClientOfPort                             777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ntdll.dll!NtImpersonateClientOfPort                                 777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ntdll.dll!NtSetInformationProcess                                   777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] kernel32.dll!OpenProcess                                            76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ADVAPI32.dll!ImpersonateNamedPipeClient                             773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ADVAPI32.dll!SetThreadToken                                         773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] USER32.dll!FindWindowA                                              772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] USER32.dll!FindWindowW                                              772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ntdll.dll!NtAccessCheckByType                                       777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ntdll.dll!NtAlpcImpersonateClientOfPort                             777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ntdll.dll!NtImpersonateClientOfPort                                 777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ntdll.dll!NtSetInformationProcess                                   777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] kernel32.dll!OpenProcess                                            76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ADVAPI32.dll!ImpersonateNamedPipeClient                             773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ADVAPI32.dll!SetThreadToken                                         773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] USER32.dll!FindWindowA                                              772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] USER32.dll!FindWindowW                                              772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ntdll.dll!NtAccessCheckByType               777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ntdll.dll!NtAlpcImpersonateClientOfPort     777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ntdll.dll!NtImpersonateClientOfPort         777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ntdll.dll!NtSetInformationProcess           777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] kernel32.dll!OpenProcess                    76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] USER32.dll!FindWindowA                      772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] USER32.dll!FindWindowW                      772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ADVAPI32.dll!ImpersonateNamedPipeClient     773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ADVAPI32.dll!SetThreadToken                 773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3992] ntdll.dll!NtAccessCheckByType                                                    777E4044 5 Bytes  JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3992] ntdll.dll!NtAlpcImpersonateClientOfPort                                          777E4214 5 Bytes  JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3992] ntdll.dll!NtImpersonateClientOfPort                                              777E49E4 5 Bytes  JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3992] ntdll.dll!NtSetInformationProcess                                                777E5324 5 Bytes  JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3992] kernel32.dll!OpenProcess                                                         76497267 5 Bytes  JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3992] ADVAPI32.dll!ImpersonateNamedPipeClient                                          773E3A48 5 Bytes  JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3992] ADVAPI32.dll!SetThreadToken                                                      773F8E21 5 Bytes  JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3992] USER32.dll!FindWindowA                                                           772E9D76 5 Bytes  JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3992] USER32.dll!FindWindowW                                                           772FA441 5 Bytes  JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                     fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Die Datei hjtscanlist.txt ließ sich nicht erstellen:

"Die Datei hjtscanlist.txt kann nicht gefunden werden.
Möchten Sie eine neue Datei erstellen?"

Code:
ATTFilter
Adobe Download Manager	NOS Microsystems Ltd.	14.06.2010	0,40MB	1.6.2.63
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	15.06.2010		10.1.53.64
Adobe Reader 9.4.2 - Deutsch	Adobe Systems Incorporated	17.03.2011	164,7MB	9.4.2
Amazon MP3-Downloader 1.0.9		27.04.2011	2,56MB	
Apple Application Support	Apple Inc.	28.11.2010	42,8MB	1.3.2
Apple Software Update	Apple Inc.	28.11.2010	2,16MB	2.1.1.116
Avira AntiVir Personal - Free Antivirus	Avira GmbH	28.06.2011	96,6MB	10.2.0.690
CCleaner	Piriform	29.06.2011	3,82MB	3.08
Dell Driver Download Manager	Dell Inc.	24.06.2010		2.1.0.0
dm-Fotowelt		12.09.2010	251MB	
DMT USB to UART Bridge Controller		17.02.2011		
DMT Utility		17.02.2011	21.645MB	
DP L10 Utility		17.02.2011	0,97MB	
druckstdu.de Designdatei	Druckstdu.de	16.06.2010	69,2MB	
druckstdu.de Designer 1.5.1	druckstdu	16.06.2010	69,2MB	
fotokasten comfort		28.06.2010	15,4MB	
G DATA Logox 4 Speechengine	G DATA Software AG	05.01.2011		
G DATA WebSpeech 4	G DATA Software AG	05.01.2011		
Java(TM) 6 Update 24	Sun Microsystems, Inc.	16.06.2010	94,5MB	6.0.240
L&H TTS3000 Deutsch		04.01.2011		
Lidl-Fotos		02.07.2010	18,7MB	
Malwarebytes' Anti-Malware Version 1.51.0.1200	Malwarebytes Corporation	29.06.2011	7,29MB	1.51.0.1200
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	20.06.2010	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	13.06.2010	27,8MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.06.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	27.06.2010	24,5MB	4.0.30319
Microsoft Office Standard Edition 2003	Microsoft Corporation	13.06.2010	198,6MB	11.0.5614.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	12.09.2010	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	13.06.2010	0,58MB	9.0.30729.4148
Paint.NET v3.5.5	dotPDN LLC	14.06.2010	10,2MB	3.55.0
QuickTime	Apple Inc.	28.11.2010	73,7MB	7.68.75.0
RealSpeak Solo fur Deutsch - Steffi	ScanSoft	06.01.2011	15,4MB	4.00.0000
Roxio Creator Audio	Roxio	04.11.2010	1,14MB	3.3.0
Roxio Creator Copy	Roxio	04.11.2010	0,63MB	3.3.0
Roxio Creator Data	Roxio	04.11.2010	0,92MB	3.3.0
Roxio Creator DE	Roxio	04.11.2010	25,3MB	3.3.0
Roxio Creator Tools	Roxio	04.11.2010	0,34MB	3.3.0
Roxio Drag-to-Disc	Roxio	24.06.2010	8,20MB	9.0
Roxio MyDVD DE	Roxio, Inc.	04.11.2010	329MB	9.0.117
Roxio Update Manager	Roxio	04.11.2010	2,42MB	3.0.0
Skype Toolbars	Skype Technologies S.A.	07.04.2011	5,93MB	5.0.4137
Skype™ 5.1	Skype Technologies S.A.	07.04.2011	22,7MB	5.1.112
Sun ODF Plugin for Microsoft Office 3.2	Sun Microsystems	13.06.2011	221MB	3.2.9483
VLC media player 1.1.0	VideoLAN	27.06.2010	75,7MB	1.1.0
ZoneAlarm	Check Point, Inc	17.03.2011	20,1MB	9.2.105.000
ZoneAlarm Toolbar	Check Point Software Technologies	17.03.2011	25,9MB
         
Code:
ATTFilter
Exportierte Ereignisse:

28.06.2011 13:57 [Updater] Update nicht ausgeführt
      Das Update von Computer *** (***) von hxxp://87.248.217.254/update 
      ist fehlgeschlagen.
      Abbruch durch den Benutzer
      Es wurden keine neuen Dateien geladen.

29.06.2011 19:50 [Scanner] Malware gefunden
      Die Datei 
      'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7061701b-769f05a2'
      enthielt einen Virus oder unerwünschtes Programm 'JAVA/Stutter.E' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a9bcb60.qua' 
      verschoben!

29.06.2011 17:07 [Guard] AntiVir Guard deaktiviert
      AntiVir Guard wurde deaktiviert.

29.06.2011 17:19 [Guard] AntiVir Guard deaktiviert
      AntiVir Guard wurde deaktiviert.

29.06.2011 22:08 [Guard] AntiVir Guard deaktiviert
      AntiVir Guard wurde deaktiviert.
         

Alt 30.06.2011, 13:50   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



Zitat:
C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm
So ein Spielzeug bitte umgehend deinstallieren. Aktiviere die Windows-Firewall.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.06.2011, 15:33   #6
kabuschi
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



okay, hab mich informiert, werde die Windows Vista Firewall einschalten und ZoneAlarm abschalten (+deinstallieren).
Nur zur Zeit ist es unmöglich, weil ich nicht in die Systemsteuerung rein komme.

Danke schonmal im Voraus.

Alt 30.06.2011, 15:37   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



Zitat:
Nur zur Zeit ist es unmöglich, weil ich nicht in die Systemsteuerung rein komme.
Fehlermeldung?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.06.2011, 16:06   #8
kabuschi
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



das Fenster "Systemsteuerung" öffnet sich unvollständig. Will heißen, dass der rechte Fensterinhalt unangezeigt bleibt. Wenn ich drauf klicke, kommt: (keine Rückmeldung) oben im Rahmen und der Prozess lässt sich nur abwürgen.

Was kann und sollte ich bei dem Virus Stutter.E machen?

Alt 30.06.2011, 16:14   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.06.2011, 17:04   #10
kabuschi
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



hier ist der Inhalt von Combofix:


[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-06-30.01 - D 30.06.2011  16:34:49.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2685.1635 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
.
----- BITS: Eventuell infizierte Webseiten -----
.
hxxp://apnmedia.ask.com
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-28 bis 2011-06-30  ))))))))))))))))))))))))))))))
.
.
2011-06-30 14:43 . 2011-06-30 14:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-30 14:32 . 2011-06-30 14:32	--------	d-----w-	C:\32788R22FWJFW
2011-06-30 11:26 . 2011-06-30 11:26	--------	d-----w-	c:\program files\CCleaner
2011-06-30 10:26 . 2011-06-30 10:26	54016	----a-w-	c:\windows\system32\drivers\abldctc.sys
2011-06-30 08:59 . 2011-06-30 08:59	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-06-30 08:58 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-30 08:58 . 2011-06-30 08:58	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-30 08:58 . 2011-06-30 08:58	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-30 08:58 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-14 15:35 . 2011-06-14 15:35	--------	d-----w-	c:\users\***\AppData\Roaming\SunODFPluginforMicrosoftOffice
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 13:39 . 2010-06-14 17:30	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-29 13:39 . 2010-06-14 17:30	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-01-06 15:09 . 2011-01-06 19:24	6331338	----a-w-	c:\program files\WebSpeech4.exe
2010-09-09 13:01 . 2010-09-09 13:01	800048	----a-w-	c:\program files\QTPlugin.ocx
2010-09-09 13:01 . 2010-09-09 13:01	1234224	----a-w-	c:\program files\QuickTimePlayer.exe
2010-09-09 12:55 . 2010-09-09 12:55	7841056	----a-w-	c:\program files\QuickTimePlayer.dll
2010-09-09 12:55 . 2010-09-09 12:55	369952	----a-w-	c:\program files\QTUIPanelControl.dll
2010-09-09 12:55 . 2010-09-09 12:55	894240	----a-w-	c:\program files\QTOControl.dll
2010-09-09 12:55 . 2010-09-09 12:55	824608	----a-w-	c:\program files\QTInfo.exe
2010-09-09 12:55 . 2010-09-09 12:55	820512	----a-w-	c:\program files\QTOLibrary.dll
2010-09-08 10:17 . 2010-09-08 10:17	421888	----a-w-	c:\program files\QTTask.exe
2010-09-08 10:17 . 2010-09-08 10:17	561152	----a-w-	c:\program files\PictureViewer.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 10:50	2517088	----a-w-	c:\program files\ZoneAlarm-Sicherheit\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"DLADiag"="c:\windows\DLADiag.EXE" [2007-02-08 56056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"QuickTime Task"="c:\program files\QTTask.exe" [2010-09-08 421888]
"ZoneAlarm Client"="c:\users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 DLADHK_M;DLADHK_M;c:\windows\system32\Drivers\DLADHK_M.SYS [2006-10-26 33592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 DLADiagM;DLADiagM;c:\windows\system32\Drivers\DLADiagM.SYS [2007-02-08 13624]
S1 DLAPMonM;DLAPMonM;c:\windows\system32\Drivers\DLAPMonM.SYS [2007-02-08 30680]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 488952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\users\***\***\PROGRA~1\Office\OFFICE11\EXCEL.EXE/3000
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\progra~1\COMMON~1\WEBSPE~1.0\LgxIEBar.dll
TCP: DhcpNameServer = 80.69.100.198 192.168.0.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/jordan.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-WatcherBIN - c:\users\***\***\Programme\ebay\Watcherbin\WatcherBIN.exe
AddRemove-lgx4.lgx.server - c:\windows\GSetup.exe
AddRemove-ws4.webspeech - c:\windows\GSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-30 16:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(584)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2011-06-30  16:53:59
ComboFix-quarantined-files.txt  2011-06-30 14:53
.
Vor Suchlauf: 7 Verzeichnis(se), 14.662.320.128 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 14.838.775.808 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
- - End Of File - - E79EBA0282899F0C10DA4700C5D57D32
         
--- --- ---

--- --- ---

Geändert von kabuschi (30.06.2011 um 17:13 Uhr)

Alt 30.06.2011, 17:12   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



Geht die Systemsteuerung wieder?

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.06.2011, 17:31   #12
kabuschi
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



vielen dank für die schnelle antwort!

die systemsteuerung geht noch nicht.

derzeit läuft GMER durch, ich schicke das log, sobald da.

wo kann ich OSAM hernehmen?

Alt 30.06.2011, 17:32   #13
kabuschi
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



okay, osam gefunden, sorry.

Alt 30.06.2011, 18:57   #14
kabuschi
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



hier ist das log von OSAM:


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:52:43 on 30.06.2011

OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QTSystem\QuickTime.cpl
"WebSpeech" - "G DATA Software AG" - C:\PROGRA~1\COMMON~1\WEBSPE~1.0\LgxIEControl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\Windows\System32\DLA\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\Windows\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\Windows\System32\Drivers\DLACDBHM.SYS
"DLADHK_M" (DLADHK_M) - "Roxio" - C:\Windows\System32\Drivers\DLADHK_M.SYS
"DLADiagM" (DLADiagM) - "Roxio" - C:\Windows\System32\Drivers\DLADiagM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\Windows\System32\DLA\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\Windows\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\Windows\System32\DLA\DLAOPIOM.SYS
"DLAPMonM" (DLAPMonM) - "Roxio" - C:\Windows\System32\Drivers\DLAPMonM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\Windows\System32\DLA\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\Windows\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\Windows\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\Windows\System32\DLA\DLAUDF_M.SYS
"DMT USB Composite Device driver (WDM)" (slabbus) - "MCCI" - C:\Windows\System32\DRIVERS\slabbus.sys
"DMT USB to UART Bridge Controller Drivers" (slabser) - "MCCI" - C:\Windows\System32\DRIVERS\slabser.sys
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\Windows\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\Windows\System32\Drivers\DRVNDDM.SYS
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"vsdatant7" (vsdatant7) - ? - C:\Windows\System32\drivers\vsdatant.win7.sys  (File not found)
"Zone Alarm Firewall Driver" (Vsdatant) - "Check Point Software Technologies LTD" - C:\Windows\System32\DRIVERS\vsdatant.sys
"ZoneAlarm Toolbar ISWKL" (ISWKL) - "Check Point Software Technologies" - C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Users\***\***\Programme\Entpacker\7zip\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Users\***\***\Programme\Office\OFFICE11\msohev.dll
{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Users\***\***\Programme\Roxio\Shellex.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ZoneAlarm Security Engine" - "Check Point Software Technologies" - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
<binary data> "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{28B66320-9687-4B13-8757-36F901887AB5} "CanvasX Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\canvasx.dll / hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} "JordanUploader Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\JordanApplet.dll / hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/jordan.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\Users\***\***\PROGRA~1\Office\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} "WebSpeech" - "G DATA Software AG" - C:\PROGRA~1\COMMON~1\WEBSPE~1.0\LgxIEBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} "ZoneAlarm Security Engine" - "Check Point Software Technologies" - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{83A30C59-3A50-49E6-9DAF-4923C4EA3C23} "WebSpeechBHO Class" - ? - C:\Program Files\Common Files\WebSpeech.4.0\LgxIEBar.dll__BHODemonDisabled_NFOYIZNPOKOASSVYENREHYBWLANKUT  (File not found)
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} "ZoneAlarm Security Engine Registrar" - "Check Point Software Technologies" - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DLADiag" - "Roxio" - C:\Windows\DLADiag.EXE
"ISUSPM Startup" - "Macrovision Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISW" - "Check Point Software Technologies" - "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QTTask.exe" -atboottime
"RoxWatchTray" - "Sonic Solutions" - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ZoneAlarm Client" - "Check Point Software Technologies LTD" - "C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"TrueVector Internet Monitor" (vsmon) - "Check Point Software Technologies LTD" - C:\Windows\System32\ZoneLabs\vsmon.exe
"ZoneAlarm Toolbar IswSvc" (IswSvc) - "Check Point Software Technologies" - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Geändert von kabuschi (30.06.2011 um 19:06 Uhr)

Alt 30.06.2011, 19:07   #15
kabuschi
 
Java-Virus JAVA/Stutter.E - Standard

Java-Virus JAVA/Stutter.E



und hier noch MBRCheck:

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Basic Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Dell Inc.
BIOS Manufacturer:		Dell Inc.
System Manufacturer:		Dell Inc.
System Product Name:		Inspiron 1501
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 156):
  0x81C51000 \SystemRoot\system32\ntkrnlpa.exe
  0x81C1E000 \SystemRoot\system32\hal.dll
  0x80408000 \SystemRoot\system32\kdcom.dll
  0x8040F000 \SystemRoot\system32\PSHED.dll
  0x80420000 \SystemRoot\system32\BOOTVID.dll
  0x80428000 \SystemRoot\system32\CLFS.SYS
  0x80469000 \SystemRoot\system32\CI.dll
  0x80549000 \SystemRoot\System32\drivers\abldctc.sys
  0x80557000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x805D3000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80608000 \SystemRoot\system32\drivers\acpi.sys
  0x8064E000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80657000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8065F000 \SystemRoot\system32\drivers\pci.sys
  0x80686000 \SystemRoot\System32\drivers\partmgr.sys
  0x80695000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80698000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x806A2000 \SystemRoot\system32\drivers\volmgr.sys
  0x806B1000 \SystemRoot\System32\drivers\volmgrx.sys
  0x806FB000 \SystemRoot\system32\drivers\pciide.sys
  0x80702000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x80710000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80720000 \SystemRoot\system32\drivers\atapi.sys
  0x80728000 \SystemRoot\system32\drivers\ataport.SYS
  0x80746000 \SystemRoot\system32\drivers\fltmgr.sys
  0x80778000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80788000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
  0x8079E000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x82204000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82275000 \SystemRoot\system32\drivers\ndis.sys
  0x82380000 \SystemRoot\system32\drivers\msrpc.sys
  0x823AB000 \SystemRoot\system32\drivers\NETIO.SYS
  0x89009000 \SystemRoot\System32\drivers\tcpip.sys
  0x890F6000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x89208000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x89318000 \SystemRoot\system32\drivers\volsnap.sys
  0x89351000 \SystemRoot\System32\Drivers\spldr.sys
  0x89359000 \SystemRoot\System32\Drivers\mup.sys
  0x89368000 \SystemRoot\System32\drivers\ecache.sys
  0x8938F000 \SystemRoot\system32\drivers\disk.sys
  0x893A0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x893C1000 \SystemRoot\system32\drivers\crcdisk.sys
  0x893EA000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x89111000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x893F3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8D201000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x8D924000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8D9C5000 \SystemRoot\System32\drivers\watchdog.sys
  0x89121000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
  0x8D9D1000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x89196000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8D9DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8D9EA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0x891D4000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8DC07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8DC94000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8DCA7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8DCB2000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8DCBD000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
  0x8DCCE000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x8DCE8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8DCEC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8DD1B000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8DD5C000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8DD67000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8DD7E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8DD89000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8DDAC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8DDBB000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8DDCF000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8DDE4000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8DDF4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x807A7000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8DDF6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8D9EC000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8DE06000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8DE3B000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8DE4C000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
  0x8DE88000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
  0x8E405000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
  0x8E4B8000 \SystemRoot\system32\drivers\modem.sys
  0x8E4C5000 \SystemRoot\system32\drivers\HdAudio.sys
  0x8E504000 \SystemRoot\system32\drivers\portcls.sys
  0x8E531000 \SystemRoot\system32\drivers\drmk.sys
  0x8E556000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8E55F000 \SystemRoot\System32\Drivers\Null.SYS
  0x8E566000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8E56D000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0x8E573000 \SystemRoot\System32\Drivers\DLADiagM.SYS
  0x8E575000 \SystemRoot\System32\Drivers\DLAPMonM.SYS
  0x8E58B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8E592000 \SystemRoot\System32\drivers\vga.sys
  0x8E59E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8E5BF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8E5C7000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8E5CF000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8E5DA000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8E5E8000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8DF8C000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8E5F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8E57B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8E5FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8DFA2000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8DFAA000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8EA05000 \SystemRoot\system32\drivers\afd.sys
  0x8EA4D000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8EA7F000 \SystemRoot\system32\DRIVERS\vsdatant.sys
  0x8EB0A000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8EB20000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8EB2E000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8EB41000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8EB47000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8EB83000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8EB8D000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8EBA4000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8EBCB000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8EBD8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8EBE3000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x95040000 \SystemRoot\System32\win32k.sys
  0x8EBEB000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8DFBE000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x95260000 \SystemRoot\System32\TSDDD.dll
  0x95280000 \SystemRoot\System32\cdd.dll
  0x8DFCD000 \SystemRoot\system32\drivers\luafv.sys
  0x8DFE8000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x8EBF5000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0x8EA00000 \SystemRoot\System32\DLA\DLADResM.SYS
  0x893CA000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0x8E400000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0x8EA01000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0x8DC00000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0x8D9F9000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0x823E6000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0x807D1000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0x97609000 \SystemRoot\system32\drivers\spsys.sys
  0x976B9000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x976C9000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x976F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x976FD000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x97710000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
  0x97718000 \SystemRoot\system32\drivers\HTTP.sys
  0x97785000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x977A2000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x977BB000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x977D0000 \SystemRoot\system32\drivers\mrxdav.sys
  0x805E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9B605000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9B63E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9B656000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9B67D000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9B6CB000 \SystemRoot\system32\drivers\peauth.sys
  0x9B7A9000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x9B7D1000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9B7DB000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9B7E7000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x76FA0000 \Windows\System32\ntdll.dll

Processes (total 50):
       0 System Idle Process
       4 System
     380 C:\Windows\System32\smss.exe
     448 csrss.exe
     500 C:\Windows\System32\wininit.exe
     508 csrss.exe
     568 C:\Windows\System32\winlogon.exe
     584 C:\Windows\System32\services.exe
     596 C:\Windows\System32\lsass.exe
     604 C:\Windows\System32\lsm.exe
     776 C:\Windows\System32\svchost.exe
     896 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1092 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\audiodg.exe
    1216 C:\Windows\System32\SLsvc.exe
    1252 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\svchost.exe
    1496 C:\Windows\System32\ZoneLabs\vsmon.exe
    1708 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    1812 C:\Windows\System32\spoolsv.exe
    1836 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1848 C:\Windows\System32\svchost.exe
    2024 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     272 C:\Windows\System32\svchost.exe
     292 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1624 C:\Windows\System32\taskeng.exe
    1320 C:\Windows\System32\dwm.exe
    1932 C:\Windows\System32\taskeng.exe
    2244 C:\Windows\System32\svchost.exe
    2280 C:\Windows\System32\svchost.exe
    2372 C:\Windows\System32\SearchIndexer.exe
    3136 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3184 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3200 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    3216 C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe
    3252 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3268 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3396 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3680 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    3828 C:\Program Files\Internet Explorer\iedw.exe
    3912 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    3432 C:\Program Files\Internet Explorer\iexplore.exe
    3072 C:\Windows\System32\wuauclt.exe
    3152 C:\Windows\explorer.exe
    2236 C:\Windows\System32\SearchProtocolHost.exe
    3128 C:\Windows\System32\SearchFilterHost.exe
    3768 C:\Users\***\Desktop\MBRCheck.exe
    3160 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87600000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000  (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK8037GSX, Rev: DL240D  

      Size  Device Name          MBR Status
  --------------------------------------------
     74 GB  \\.\PhysicalDrive0   Windows Vista MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         

Antwort

Themen zu Java-Virus JAVA/Stutter.E
adware.yabector, aktiv, antivir, beseitigen, erkennen, fenster, geöffnete, java-virus, java/stutter.e, nicht mehr, nicht mehr öffnen, quarantäne, rückmeldung, stutter.e, systems, systemsteuerung, virus, weißes, weißes fenster, öffnen



Ähnliche Themen: Java-Virus JAVA/Stutter.E


  1. Währens trovigo-Virus-Entfernung Java-Virus Java/Exploit.Agent.OHY trojan entdeckt, den ich nicht loswerde.
    Plagegeister aller Art und deren Bekämpfung - 06.06.2014 (11)
  2. Java-Virus (JAVA/Lamar.RI ; JAVA/Jogek.WK usw.)
    Log-Analyse und Auswertung - 18.06.2013 (12)
  3. Java-Virus JAVA/Dldr.Themod.IE + EXP/CVE-2013-0431.BK mit Avira entdeckt
    Log-Analyse und Auswertung - 06.06.2013 (15)
  4. Nach Verschlüsselungstrojaner viele Virenfunde (JAVA/Jogek.CT; rus JAVA/Agent.MH; JAVA/Dldr.Pesur.BH; W32/Idele.2219; VBS/Fluenza.B; u.a...
    Log-Analyse und Auswertung - 28.01.2013 (1)
  5. Funde von Avira & Malwarebytes A-M: Java-Virus JAVA/Rilly.CL & Trojan.Zbot.EPSF
    Plagegeister aller Art und deren Bekämpfung - 16.01.2013 (17)
  6. Java-Virus JAVA/Dldr.Dermit.C, JAVA/Dldr.Kara.AB.1, JAVA/Dldr.Karame.AI
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (1)
  7. Java-Virus JAVA/Tange.C, Java-Virus JAVA/Stutter.AI.3,...
    Log-Analyse und Auswertung - 07.10.2012 (14)
  8. Internet langsam (Java-Virus JAVA/ClassLoader.AV und Java-Virus JAVA/Exdoer.O)
    Log-Analyse und Auswertung - 01.03.2012 (1)
  9. Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (18)
  10. Rechner hakt alle paar sekunden, Programme öffnen erst nach mehreren Minuten, JAVA/Stutter.I.1
    Log-Analyse und Auswertung - 01.08.2011 (1)
  11. Java-Virus JAVA/Stutter.AG und Java-Virus JAVA/Stutter.AH
    Plagegeister aller Art und deren Bekämpfung - 27.06.2011 (26)
  12. TR/Dropper.gen , JAVA/Agent.10515 und JAVA/Stutter.I.1 halten sich hartnäckig im System
    Log-Analyse und Auswertung - 28.04.2011 (46)
  13. Trojanische Pferd TR/EyeStye.H.128 und Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI gefunden!
    Plagegeister aller Art und deren Bekämpfung - 26.03.2011 (26)
  14. Avira findet 2 Trojaner Java-Virus JAVA/Agent.BH und Exploit EXP/Pidief.coi
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (29)
  15. Virus gefunden: JAVA/Agent.HR , JAVA/Agent.M.1, JAVA/Rowindal.C
    Plagegeister aller Art und deren Bekämpfung - 13.11.2010 (18)
  16. Trojanische Pferd TR/Click.Cycler.akna und Java-Virus JAVA/Dldr.Agent.W
    Plagegeister aller Art und deren Bekämpfung - 28.08.2010 (1)
  17. Virus Java-Virus JAVA/Dldr.Agent.C gefunden; Bitte um Prüfung des Hijack Logfiles
    Log-Analyse und Auswertung - 24.07.2007 (3)

Zum Thema Java-Virus JAVA/Stutter.E - Hallo, und vielen Dank, dass es dieses Forum gibt. Es hat sich der Virus JAVA/Stutter.E eingeschlichen, den ich in Quarantäne geschoben habe. Wie kann ich ihn richtig beseitigen und erkennen, - Java-Virus JAVA/Stutter.E...
Archiv
Du betrachtest: Java-Virus JAVA/Stutter.E auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.