
Pests of all kinds and how to fight them: malware! Help!


12.01.2010, 10:48   #1
Firely

malware! Help!

Good morning ^^
Maybe right at the start: I'm not a professional computer user, so if I express something wrongly or ask a stupid question, please bear with me.

I can no longer open AntiVir. One or two weeks ago the Windows Security Alert window also kept appearing, but since I ran the cleaner over it, it no longer shows up. Still, the PC is incredibly slow, sometimes it shuts itself down on its own, and AntiVir still won't open.

I've already browsed around the forum a bit, so the log files are attached.

The first is the log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-12 10:38:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (47%) free of 57 GB
Total RAM: 1023 MB (43% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}]
Automated Content Enhancer - C:\Programme\Automated Content Enhancer\4.2.0.5360\ACEIEAddOn.dll [2009-12-18 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}]
Customized Platform Advancer - C:\Programme\Customized Platform Advancer\4.2.0.2050\CPAIEAddOn.dll [2009-12-18 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Toolbar Registrar - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}]
Content Management Wizard - C:\Programme\Content Management Wizard\1.2.0.2080\CMWIE.dll [2009-12-17 1323008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}]
Textual Content Provider - C:\Programme\Textual Content Provider\1.2.0.2040\TCPIE.dll [2009-12-24 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}]
Web Search Operator - C:\Programme\Web Search Operator\4.2.0.2150\wso.dll [2009-12-18 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Toolbar - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-09-24 4870144]
"nwiz"=nwiz.exe /install []
"SENS Keyboard V4 Launcher"=C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE [2003-03-04 45056]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-02-20 88363]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-09-21 305440]
"Internet Today Task"=C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe [2009-12-17 348160]
"ZoneAlarm Client"=C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
"ISW"=C:\Programme\CheckPoint\ZAForceField\ForceField.exe [2009-10-14 730480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"=C:\Programme\SpeedswitchXP\SpeedswitchXP.exe [2006-07-14 626688]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"matf.de updater"=C:\Programme\Gemeinsame Dateien\matf_update\matf_updater.exe [2007-07-31 1084416]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Software Informer"=C:\Programme\Software Informer\softinfo.exe [2009-11-18 1990725]
"ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ec424f0-843d-11de-b962-0012f01e16f1}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 2 months======

2010-01-12 10:38:35 ----D---- C:\Programme\trend micro
2010-01-12 10:38:33 ----D---- C:\rsit
2009-12-31 17:22:10 ----D---- C:\Programme\Browser Hack Recover
2009-12-31 16:58:36 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CheckPoint
2009-12-31 16:58:10 ----D---- C:\Programme\CheckPoint
2009-12-31 16:58:05 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-12-31 16:58:03 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-12-31 16:58:03 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-12-31 16:57:56 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-12-31 16:57:55 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-12-31 16:57:55 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-12-31 16:57:55 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-12-31 16:57:55 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-12-31 16:57:55 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-12-31 16:57:52 ----D---- C:\Programme\Zone Labs
2009-12-31 16:57:24 ----D---- C:\WINDOWS\Internet Logs
2009-12-31 16:57:24 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-12-31 16:57:24 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-12-31 16:57:24 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-12-26 20:22:27 ----SHD---- C:\Config.Msi
2009-12-25 20:51:25 ----D---- C:\Programme\QuestService
2009-12-25 20:51:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService
2009-12-25 20:50:14 ----D---- C:\Programme\Textual Content Provider
2009-12-25 20:49:20 ----D---- C:\Programme\Content Management Wizard
2009-12-25 20:47:40 ----D---- C:\Programme\Internet Today
2009-12-25 20:47:04 ----D---- C:\Programme\Customized Platform Advancer
2009-12-25 20:46:55 ----D---- C:\Programme\Automated Content Enhancer
2009-12-25 20:45:43 ----D---- C:\Programme\Web Search Operator
2009-12-25 20:44:58 ----D---- C:\Programme\GameRaving Toolbar
2009-12-24 19:35:04 ----D---- C:\09277ad8abc7117bd075
2009-12-24 17:10:34 ----D---- C:\4d8b0858380ae9be382ada20c055
2009-12-24 16:48:29 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-12-24 15:44:44 ----D---- C:\Programme\CCleaner
2009-12-24 14:53:29 ----D---- C:\WINDOWS\Minidump
2009-12-24 14:49:44 ----D---- C:\Programme\Malware Defense
2009-12-24 14:20:17 ----A---- C:\WINDOWS\system32\krl32mainweq.dll
2009-12-24 14:19:04 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
2009-12-08 15:22:57 ----D---- C:\Programme\Accessdiver
2009-11-18 20:11:07 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Software Informer
2009-11-18 20:11:06 ----D---- C:\Programme\Software Informer
2009-11-18 12:00:12 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2009-11-18 11:59:57 ----D---- C:\Programme\Google
2009-11-18 10:35:00 ----A---- C:\WINDOWS\zwer_1258536884.exe
2009-11-17 15:54:04 ----A---- C:\WINDOWS\zwer_1258469630.exe
2009-11-17 15:53:07 ----A---- C:\WINDOWS\zwer_1258469543.exe
2009-11-16 13:47:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hps
2009-11-16 13:21:28 ----D---- C:\Programme\dm
2009-11-16 10:43:30 ----A---- C:\WINDOWS\zwer_1258364601.exe
2009-11-15 20:05:27 ----A---- C:\WINDOWS\zwer_1258311855.exe
2009-11-15 19:23:51 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-15 16:14:24 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
2009-11-15 16:09:51 ----A---- C:\WINDOWS\zwer_1258297781.exe
2009-11-14 20:02:31 ----D---- C:\Programme\OpenOffice.org 3

======List of files/folders modified in the last 2 months======

2010-01-12 10:38:35 ----RD---- C:\Programme
2010-01-12 08:56:50 ----D---- C:\Programme\Mozilla Firefox
2010-01-12 08:49:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-12 08:46:22 ----D---- C:\WINDOWS\Temp
2010-01-12 08:46:22 ----D---- C:\WINDOWS\system32
2010-01-11 22:01:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-10 19:58:50 ----D---- C:\WINDOWS\Prefetch
2010-01-09 18:24:27 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3
2010-01-02 19:21:26 ----D---- C:\WINDOWS
2009-12-31 17:19:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-12-31 17:18:56 ----D---- C:\WINDOWS\system32\drivers
2009-12-31 17:18:18 ----SD---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
2009-12-31 16:45:39 ----D---- C:\WINDOWS\Debug
2009-12-29 21:20:29 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-28 23:40:45 ----D---- C:\Programme\ICQ6.5
2009-12-26 20:23:40 ----HD---- C:\WINDOWS\inf
2009-12-26 20:22:30 ----D---- C:\WINDOWS\WinSxS
2009-12-26 20:22:25 ----SHD---- C:\WINDOWS\Installer
2009-12-26 20:15:56 ----D---- C:\Programme\Gemeinsame Dateien
2009-12-01 12:06:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-20 15:45:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-18 20:32:58 ----D---- C:\Programme\Gemeinsame Dateien\Roxio Shared
2009-11-18 20:32:54 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield
2009-11-18 20:32:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Roxio
2009-11-18 20:32:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-18 20:32:25 ----RSD---- C:\WINDOWS\Fonts
2009-11-18 20:24:30 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Research In Motion
2009-11-18 20:24:06 ----D---- C:\Programme\Research In Motion
2009-11-18 12:12:39 ----SD---- C:\WINDOWS\Tasks
2009-11-18 12:00:19 ----D---- C:\Programme\DivX
2009-11-15 19:25:10 ----D---- C:\Program Files
2009-11-15 19:24:44 ----HD---- C:\Programme\InstallShield Installation Information
2009-11-14 20:06:14 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Programme\CheckPoint\ZAForceField\ISWKL.sys []
R3 AgereSoftModem;SENS LT56ADW Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-20 1265388]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-05-15 43136]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 cs429x;Cirrus Logic WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwawdm.sys [2003-08-25 111808]
R3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000); C:\WINDOWS\System32\Drivers\FLMckUSB.sys [2004-07-14 80724]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-09-24 1383450]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
S3 ADDMEM;ADDMEM; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\__Samsung_Update\ADDMEM.SYS []
S3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-12-31 12288]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RimUsb;BlackBerry-Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-12-31 5888]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-12-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Programme\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 476528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-09-24 77824]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 gupdate1ca683e4c28dc90;Google Update Service (gupdate1ca683e4c28dc90); C:\Programme\Google\Update\GoogleUpdate.exe [2009-11-18 133104]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-23 355584]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------



Here is the info.txt.

info.txt logfile of random's system information tool 1.06 2010-01-12 10:38:48

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A01182B4-DF96-4581-8A44-7C1D86FE2DC2}\setup.exe" -l0x7 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 5.0 PowerPack-->MsiExec.exe /I{316B6021-BB9B-4200-BD7B-2B4634C2F356}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Browser Hijack Recover(BHR) 2.2-->"C:\Programme\Browser Hack Recover\unins000.exe"
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CoolDesk XP-->"C:\Programme\IRsoft\CoolDesk XP\uninstall.exe"
Die Sims™ 3-->"C:\Programme\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dm Fotowelt-->"C:\Programme\dm\dm Fotowelt\uninstall.exe"
EDNetz Fotoalbum 1-->"C:\Programme\EDNetz Fotoalbum\unins000.exe"
EVEREST Ultimate Edition v4.60-->"C:\Programme\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Mega Codec Pack 4.1.7-->"C:\Programme\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.4.24567-->"C:\Programme\Last.fm\unins000.exe"
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.0.17)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 6 Ultra Edition-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvsm.inf
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RICOH Media Card Driver-->MsiExec.exe /X{C84AAC64-0C46-11D7-ADBA-0004AC2F50EA}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SENS Keyboard V4 Launcher-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E575CAA7-3ABC-417E-9352-30EF31611E13}\Setup.exe" Remove
SENS LT56ADW Modem-->agrsmdel
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Software Informer 1.0 BETA-->"C:\Programme\Software Informer\unins000.exe"
SpeedswitchXP V1.5-->"C:\Programme\SpeedswitchXP\uninstall.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
XnView 1.95.4-->"C:\Programme\XnView\unins000.exe"
ZoneAlarm Toolbar-->C:\Programme\CheckPoint\ZAForceField\Uninstall.exe
ZoneAlarm-->C:\Programme\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: Malware Defense (outdated)

======System event log======

Computer Name: SAMSUNG_X10P
Event Code: 4201
Message: Netzwerkadapter "Intel(R) PRO/Wireless 2200BG Network Connection" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 21132
Source Name: Tcpip
Time Written: 20091202170852.000000+060
Event Type: Informationen
User:

Computer Name: SAMSUNG_X10P
Event Code: 17
Message:
Record Number: 21131
Source Name: avgntflt
Time Written: 20091202170852.000000+060
Event Type: Informationen
User:

Computer Name: SAMSUNG_X10P
Event Code: 4201
Message: Netzwerkadapter "Intel(R) PRO/Wireless 2200BG Network Connection" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 21130
Source Name: Tcpip
Time Written: 20091202170852.000000+060
Event Type: Informationen
User:

Computer Name: SAMSUNG_X10P
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet.

Record Number: 21129
Source Name: Service Control Manager
Time Written: 20091202170850.000000+060
Event Type: Informationen
User: SAMSUNG_X10P\Administrator

Computer Name: SAMSUNG_X10P
Event Code: 7036
Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt".

Record Number: 21128
Source Name: Service Control Manager
Time Written: 20091202170850.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: SAMSUNG_X10P
Event Code: 4096
Message:
Record Number: 1605
Source Name: Avira AntiVir
Time Written: 20090826140313.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: SAMSUNG_X10P
Event Code: 1000
Message: Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.1042, fehlgeschlagenes Modul mshtml.dll, Version 7.0.6000.16735, Fehleradresse 0x002359e3.

Record Number: 1604
Source Name: Application Error
Time Written: 20090825205547.000000+120
Event Type: Fehler
User:

Computer Name: SAMSUNG_X10P
Event Code: 4096
Message:
Record Number: 1603
Source Name: Avira AntiVir
Time Written: 20090825104111.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: SAMSUNG_X10P
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 1602
Source Name: SecurityCenter
Time Written: 20090825104104.000000+120
Event Type: Informationen
User:

Computer Name: SAMSUNG_X10P
Event Code: 1517
Message: Die Registrierung des Benutzers "SAMSUNG_X10P\Administrator" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird.


Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden.

Record Number: 1601
Source Name: Userenv
Time Written: 20090825014713.000000+120
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\;C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared\;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

Alt 12.01.2010, 12:15   #2
Chris4You

malware! Hilfe!

Hi,

Rootkit suspected...

Please have the following files checked:

Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button
    and locate the following file/files:
Code:
C:\WINDOWS\system32\krl32mainweq.dll
C:\WINDOWS\zwer_1258536884.exe

  • Now upload each/all of the file(s) one after the other and wait until the scan is finished (can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a reply.
  • Important: also copy the size and the HASH!

GMER:
http://www.trojaner-board.de/74908-anleitung-gmer-rootkit-scanner.html
You will find the download link at the top left (http://www.gmer.net/#files); there click
the "Download EXE" button; a random name is generated (note it and the path where you saved it).
Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and use Copy to paste the report into the thread. If it reports nothing, go to the Rootkit tab and run a scan. Once it is finished, choose Copy and paste the report.

Try GMER in safe mode if necessary (press F8 while booting)...

chris
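Added example, not code from the thread and not Chris4You's, GMER's or VirusTotal's own tooling: a Python helper for the two mechanical parts of the instructions above. `file_report` computes the size and the MD5/SHA-1/SHA-256 of a file, the values VirusTotal reports and that the post asks to have copied along, and `triage` sorts the inline-hook lines of a GMER report into hooks GMER attributes to a named module/vendor and hooks it cannot attribute. The two suspect paths are taken from the post; the function names, the regex and the `SAMPLE_GMER` lines (a few lines in the format of the GMER report as posted in this thread) are this example's own constructions.

```python
"""Added example, not code from the thread, from GMER or from VirusTotal.
Two helpers for the steps in the post above:
  file_report(path)  -> size + MD5/SHA-1/SHA-256, the values VirusTotal shows
  triage(report)     -> GMER inline-hook lines split into attributed/unattributed
Function names, the regex and SAMPLE_GMER are this example's own constructions."""
import hashlib
import os
import re
import tempfile

# The two paths Chris4You asked to have checked (taken from the post).
SUSPECT_FILES = [
    r"C:\WINDOWS\system32\krl32mainweq.dll",
    r"C:\WINDOWS\zwer_1258536884.exe",
]


def file_report(path, chunk_size=65536):
    """Size and hex digests of one file, read in chunks so large files are fine."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in (md5, sha1, sha256):
                h.update(chunk)
    return {"path": path, "size": size, "md5": md5.hexdigest(),
            "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def write_sample_file(data, name="sample.bin"):
    """Write constructed bytes to a fresh temp dir; stands in for a real suspect file."""
    path = os.path.join(tempfile.mkdtemp(prefix="vt_"), name)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


# One GMER inline-hook line:
#   <section> <target> <addr> <n> Bytes JMP <dest> [<hooking module> (<vendor>)]
# The trailing module/vendor part is only present when GMER could attribute the hook.
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<target>.+?)\s+(?P<addr>[0-9A-F]{8})\s+"
    r"(?P<nbytes>\d+) Bytes\s+JMP\s+(?P<dest>[0-9A-F]{8})"
    r"(?:\s+(?P<module>.+?)\s+\((?P<vendor>[^)]*)\))?\s*$"
)


def parse_hooks(report_text):
    """Return one dict per inline-hook line; other GMER lines are ignored."""
    hooks = []
    for line in report_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hook = m.groupdict()
            hook["kernel"] = hook["target"].startswith("ntoskrnl.exe!")
            hooks.append(hook)
    return hooks


def triage(report_text):
    """attributed: {vendor: {hooked function, ...}}; unattributed: hooks GMER could not name."""
    attributed, unattributed = {}, []
    for hook in parse_hooks(report_text):
        if hook["vendor"]:
            func = hook["target"].split("!")[-1]
            attributed.setdefault(hook["vendor"], set()).add(func)
        else:
            unattributed.append(hook)
    return attributed, unattributed


# Sample lines in the format of the GMER report posted in this thread (two
# unattributed kernel hooks, two user-mode hooks attributed to a ZoneAlarm plugin).
SAMPLE_GMER = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 865761E3
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 8672EDC4
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\winlogon.exe[492] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[492] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
"""

if __name__ == "__main__":
    for path in SUSPECT_FILES:
        if os.path.exists(path):
            print(file_report(path))
        else:
            print("not present on this machine:", path)
    attributed, unattributed = triage(SAMPLE_GMER)
    for vendor, funcs in attributed.items():
        print("attributed to", vendor, "->", sorted(funcs))
    for hook in unattributed:
        print("UNATTRIBUTED", hook["target"], "JMP", hook["dest"])
```

A hook whose JMP target GMER can name (here a ZoneAlarm ForceField plugin injected into every process) is the product doing what it is installed to do; a kernel JMP with no module behind it is what deserves the follow-up the post asks for. The sorter only sorts, though: security products and some drivers also place kernel hooks GMER cannot attribute, so the unattributed list is a list of things to check, not a verdict, and the "section is writeable" lines are not parsed here.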

Alt 12.01.2010, 20:06   #3
Firely

malware! Hilfe!

ok, attached is the GMER file:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 16:08:39
Windows 5.1.2600 Service Pack 3
Running: lz8brfyd.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kwtoypow.sys


---- System - GMER 1.0.15 ----

Code 8672EDC0 ZwEnumerateKey
Code 865871C8 ZwFlushInstructionCache
Code 865761DE IofCallDriver
Code 864AAB76 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 865761E3
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 864AAB7B
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 8672EDC4
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 865871CC
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF74CD340, 0x10843F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D5300, 0x237860, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Java\jre6\bin\jqs.exe[152] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[204] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[204] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[204] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[204] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[204] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[204] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[204] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[204] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[320] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[320] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[320] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[320] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[320] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[320] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[320] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[320] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[392] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[392] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[392] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[392] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[392] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[392] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[392] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[392] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[492] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[492] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[492] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[492] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[492] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[492] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[492] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[492] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[540] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[540] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[540] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[540] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[540] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[540] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[540] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[540] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[552] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[552] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[552] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[552] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[552] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[552] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[552] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iTunes\iTunesHelper.exe[660] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iTunes\iTunesHelper.exe[660] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iTunes\iTunesHelper.exe[660] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iTunes\iTunesHelper.exe[660] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iTunes\iTunesHelper.exe[660] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iTunes\iTunesHelper.exe[660] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iTunes\iTunesHelper.exe[660] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iTunes\iTunesHelper.exe[660] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[844] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[844] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[844] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[844] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[844] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[844] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[844] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[844] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SpeedswitchXP\SpeedswitchXP.exe[852] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SpeedswitchXP\SpeedswitchXP.exe[852] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SpeedswitchXP\SpeedswitchXP.exe[852] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SpeedswitchXP\SpeedswitchXP.exe[852] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SpeedswitchXP\SpeedswitchXP.exe[852] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SpeedswitchXP\SpeedswitchXP.exe[852] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SpeedswitchXP\SpeedswitchXP.exe[852] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SpeedswitchXP\SpeedswitchXP.exe[852] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[872] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[872] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[944] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[944] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[944] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[944] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[944] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[944] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[944] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[944] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1052] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1052] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1052] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1052] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1052] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1052] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1052] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[1052] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1344] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1344] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1344] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1344] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1344] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1344] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1344] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1344] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1532] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1532] USER32.dll!DefDlgProcW + 56E 7E3742A8 3 Bytes JMP 20C291E8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1532] USER32.dll!DefDlgProcW + 572 7E3742AC 1 Byte [A2]
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1600] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1600] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1600] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1600] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1600] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1600] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1600] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1600] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209A37DD C:\Programme\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] USER32.dll!DefDlgProcW + 56E 7E3742A8 3 Bytes JMP 20C291E8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] USER32.dll!DefDlgProcW + 572 7E3742AC 1 Byte [A2]
__________________

Old 12.01.2010, 20:06   #4
Firely

malware! Help!

.text C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE[1960] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE[1960] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE[1960] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE[1960] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE[1960] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE[1960] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE[1960] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE[1960] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2008] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2008] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2008] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2008] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2008] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2008] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2008] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2008] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2116] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2116] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2116] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2116] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2116] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2116] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2116] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2116] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[2140] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[2140] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[2140] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[2140] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[2140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[2140] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[2140] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[2140] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Software Informer\softinfo.exe[2160] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Software Informer\softinfo.exe[2160] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Software Informer\softinfo.exe[2160] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Software Informer\softinfo.exe[2160] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Software Informer\softinfo.exe[2160] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Software Informer\softinfo.exe[2160] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Software Informer\softinfo.exe[2160] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Software Informer\softinfo.exe[2160] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ICQ6.5\ICQ.exe[2172] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ICQ6.5\ICQ.exe[2172] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ICQ6.5\ICQ.exe[2172] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ICQ6.5\ICQ.exe[2172] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ICQ6.5\ICQ.exe[2172] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ICQ6.5\ICQ.exe[2172] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ICQ6.5\ICQ.exe[2172] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ICQ6.5\ICQ.exe[2172] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2512] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2512] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2512] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2512] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2512] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2512] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2512] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2596] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2596] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2596] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2596] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2596] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2596] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2596] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2596] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iPod\bin\iPodService.exe[2812] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iPod\bin\iPodService.exe[2812] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iPod\bin\iPodService.exe[2812] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iPod\bin\iPodService.exe[2812] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iPod\bin\iPodService.exe[2812] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iPod\bin\iPodService.exe[2812] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iPod\bin\iPodService.exe[2812] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\iPod\bin\iPodService.exe[2812] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3024] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3024] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3024] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3024] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3024] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3024] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3024] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3024] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Administrator\Desktop\lz8brfyd.exe[3028] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Administrator\Desktop\lz8brfyd.exe[3028] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Administrator\Desktop\lz8brfyd.exe[3028] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Administrator\Desktop\lz8brfyd.exe[3028] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Administrator\Desktop\lz8brfyd.exe[3028] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Administrator\Desktop\lz8brfyd.exe[3028] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Administrator\Desktop\lz8brfyd.exe[3028] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Administrator\Desktop\lz8brfyd.exe[3028] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209A37DD C:\Programme\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!sendto 71A12F51 5 Bytes JMP 20A93D71 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 0306000A
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!connect 71A14A07 5 Bytes JMP 02AF000A
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!send 71A14C27 5 Bytes JMP 0307000A
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 20A93E15 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!recv 71A1676F 5 Bytes JMP 20A93C29 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 20A93F07 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!WSASendDisconnect 71A20A22 5 Bytes JMP 20A9409B C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!WSASendTo 71A20AAD 5 Bytes JMP 20A93FCE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] USER32.dll!DefDlgProcW + 56E 7E3742A8 3 Bytes JMP 20C291E8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] USER32.dll!DefDlgProcW + 572 7E3742AC 1 Byte [A2]
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Mozilla Firefox\firefox.exe[3568] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EFDED3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EFDED3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EFE10480] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EFDED3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [EFDED3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EFDED3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EFDE4DB0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EFDE5170] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Java\jre6\bin\jqs.exe[152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\AGRSMMSG.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Java\jre6\bin\jusched.exe[392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[492] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\iTunes\iTunesHelper.exe[660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[800] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\SpeedswitchXP\SpeedswitchXP.exe[852] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\nvsvc32.exe[944] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[956] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A541D0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54A20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A549E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52960] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ctfmon.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\Explorer.EXE[1344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52960] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A541D0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54A20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A549E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [7C8840D8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [7C8840CE] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [7C8840D3] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8840C9] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\spoolsv.exe[1600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE[1960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2008] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\alg.exe[2116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Windows Live\Messenger\msnmsgr.exe[2140] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Software Informer\softinfo.exe[2160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\ICQ6.5\ICQ.exe[2172] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[2512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\iPod\bin\iPodService.exe[2812] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3024] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Dokumente und Einstellungen\Administrator\Desktop\lz8brfyd.exe[3028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Mozilla Firefox\firefox.exe[3568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRThqlexublov.sys (*** hidden *** ) F5F0E000-F5F2A000 (114688 bytes)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [800] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [872] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [956] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1100] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1116] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1344] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRThqlexublov.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRThqlexublov.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRThqlexublov.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTxyqjxnmbfx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTyvlxhesmkp.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTafucfmueqg.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRThqlexublov.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRThqlexublov.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTxyqjxnmbfx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTyvlxhesmkp.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTafucfmueqg.dll

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\H8SRT3cc8.tmp 343040 bytes executable
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\h8srtmainqt.dll 16657 bytes
File C:\WINDOWS\Temp\H8SRT6e08.tmp 246 bytes
File C:\WINDOWS\Temp\H8SRT7527.tmp 36864 bytes executable
File C:\WINDOWS\Temp\H8SRT7a97.tmp 40960 bytes executable
File C:\WINDOWS\Temp\H8SRT924d.tmp 463 bytes
File C:\WINDOWS\system32\drivers\H8SRThqlexublov.sys 39936 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\H8SRTafucfmueqg.dll 40960 bytes executable
File C:\WINDOWS\system32\H8SRTlyxetjetnb.dll 36864 bytes executable
File C:\WINDOWS\system32\H8SRTxyqjxnmbfx.dll 23040 bytes executable
File C:\WINDOWS\system32\H8SRTyvlxhesmkp.dat 204 bytes

---- EOF - GMER 1.0.15 ----

12.01.2010, 20:07   #5
Firely

malware! Help!

here is C:\WINDOWS\zwer_1258536884.exe

Datei zwer_1258536884.exe empfangen 2010.01.12 12:34:34 (UTC)
Status: Beendet
Ergebnis: 0/41 (0.00%)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.48 2010.01.12 -
AhnLab-V3 5.0.0.2 2010.01.12 -
AntiVir 7.9.1.134 2010.01.12 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.12 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.12 -
BitDefender 7.2 2010.01.12 -
CAT-QuickHeal 10.00 2010.01.12 -
ClamAV 0.94.1 2010.01.12 -
Comodo 3556 2010.01.12 -
DrWeb 5.0.1.12222 2010.01.12 -
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7232 2010.01.12 -
F-Prot 4.5.1.85 2010.01.12 -
F-Secure 9.0.15370.0 2010.01.12 -
Fortinet 4.0.14.0 2010.01.12 -
GData 19 2010.01.12 -
Ikarus T3.1.1.80.0 2010.01.12 -
Jiangmin 13.0.900 2010.01.12 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.12 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 -
McAfee-GW-Edition 6.8.5 2010.01.12 -
Microsoft 1.5302 2010.01.12 -
NOD32 4763 2010.01.12 -
Norman 6.04.03 2010.01.12 -
nProtect 2009.1.8.0 2010.01.12 -
Panda 10.0.2.2 2010.01.11 -
PCTools 7.0.3.5 2010.01.12 -
Prevx 3.0 2010.01.12 -
Rising 22.30.01.03 2010.01.12 -
Sophos 4.49.0 2010.01.12 -
Sunbelt 3.2.1858.2 2010.01.12 -
Symantec 20091.2.0.41 2010.01.12 -
TheHacker 6.5.0.3.147 2010.01.12 -
TrendMicro 9.120.0.1004 2010.01.12 -
VBA32 3.12.12.1 2010.01.12 -
ViRobot 2010.1.12.2132 2010.01.12 -
VirusBuster 5.0.21.0 2010.01.11 -
weitere Informationen
File size: 3733 bytes
MD5 : 4837e42208a96b5e307d329c47f0051e
SHA1 : 1a449a2942aa4dfd54382102f3e3e3395f509000
SHA256: b4c8eae711af2de2fb4a52f4e97d1b47b21ff95a3db769d852e8fe1ad41b679b
TrID : File type identification
Text - UTF-8 encoded (100.0%)
ssdeep: 48:uqoAp2kj6ZNned7EqHxQ3T4CkbPLqeFbvy5tOfgSzvfDS9ZFodNMgnmoy0QW+Ng6:uBgNaD4CmPLjko7KYMgnmoGP03+
PEiD : -
packers (F-Prot): UTF-8
RDS : NSRL Reference Data Set


and here is C:\WINDOWS\system32\krl32mainweq.dll

Datei krl32mainweq.dll empfangen 2010.01.12 12:29:53 (UTC)
Status: Beendet
Ergebnis: 1/41 (2.44%)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.48 2010.01.12 -
AhnLab-V3 5.0.0.2 2010.01.12 -
AntiVir 7.9.1.134 2010.01.12 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.12 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.12 -
BitDefender 7.2 2010.01.12 -
CAT-QuickHeal 10.00 2010.01.12 -
ClamAV 0.94.1 2010.01.12 -
Comodo 3556 2010.01.12 -
DrWeb 5.0.1.12222 2010.01.12 -
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7232 2010.01.12 -
F-Prot 4.5.1.85 2010.01.12 -
F-Secure 9.0.15370.0 2010.01.12 -
Fortinet 4.0.14.0 2010.01.12 -
GData 19 2010.01.12 -
Ikarus T3.1.1.80.0 2010.01.12 -
Jiangmin 13.0.900 2010.01.12 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.12 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 -
McAfee-GW-Edition 6.8.5 2010.01.12 -
Microsoft 1.5302 2010.01.12 -
NOD32 4763 2010.01.12 -
Norman 6.04.03 2010.01.12 -
nProtect 2009.1.8.0 2010.01.12 -
Panda 10.0.2.2 2010.01.11 -
PCTools 7.0.3.5 2010.01.12 -
Prevx 3.0 2010.01.12 -
Rising 22.30.01.03 2010.01.12 -
Sophos 4.49.0 2010.01.12 Mal/TDSSConf-A
Sunbelt 3.2.1858.2 2010.01.12 -
Symantec 20091.2.0.41 2010.01.12 -
TheHacker 6.5.0.3.147 2010.01.12 -
TrendMicro 9.120.0.1004 2010.01.12 -
VBA32 3.12.12.1 2010.01.12 -
ViRobot 2010.1.12.2132 2010.01.12 -
VirusBuster 5.0.21.0 2010.01.11 -
weitere Informationen
File size: 934 bytes
MD5 : 6f3a2f60cc0f0bad939bdd93d30e4159
SHA1 : 0c096caff1ede90c93c23d1bc9c8f1a6aa06ed9f
SHA256: 18edae8fe513f8c56f0db0add9a768ba9e22e587019072ad53626beea9cdbfb7
TrID : File type identification
Unknown!
ssdeep: 24:X/tKQtTX2LxDNLTgBm4Ff3+r4DbiTmMxlcW8GqzaXic:PtKQtyLxBLTMm4Fmk/ibbqFc
PEiD : -
RDS : NSRL Reference Data Set
-


Alt 12.01.2010, 21:23   #6
Chris4You
 
Hi,

wow, a weak showing by the scanners, only one...
And ZoneAlarm makes the GMER log a real pleasure...

There is a rootkit present, so:


Cleanup for rootkit "H8SRTd"

First try to install MAM; to do that, rename it already in the download dialog to
e.g. Test.exe. If it does not start after installation, wait until Avenger has
"switched off" the rootkit and then run it immediately (after updating the signatures!)

Malwarebytes Anti-Malware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If MAM is already installed, continue with Avenger...

Avenger instructions (by swandog46)

1.) Download the Avenger tool and save it to the desktop:

2.) Configure the program as shown in the picture.

Now copy the following text into the white field:
(at -> "input script here")


Code:
Drivers to delete:
H8SRTd.sys

Folders to delete:
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp

3.) Close all programs (save first if necessary!) and browser windows; after Avenger has run, the system will be restarted.

4.) To start Avenger, click on -> Execute
Then confirm with "Yes" that the computer will restart!

5.) After the system has restarted, you will find a report from Avenger here -> C:\avenger.txt
Open the file in Notepad and copy the entire text into your post here at Trojaner-Board.

Now please start MAM immediately, run a full scan and let it clean everything, then post the log:
If MAM still does not start, change to the MAM installation directory and rename the MAM EXE (mbam.exe)
to e.g. test.exe and start it by double-clicking. After the scan (and MAM) has finished, rename it
back to the original name (mbam.exe).

Afterwards post a new GMER log and OTL log:
OTL
Download OTL from Oldtimer (http://filepony.de/download-otl/) and save it to your desktop

* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 logfiles will be created
* Post the logfiles here in the thread.

chris

Alt 12.01.2010, 22:30   #7
Firely
 
the Avenger file is here for now:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRThqlexublov.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "H8SRTd.sys" deleted successfully.
Folder "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Alt 12.01.2010, 23:09   #8
Chris4You
 
Hi,

now at least the antivirus solutions should have a clear path again; proceed as
posted (preferably right away, so that the beasts cannot download anything further)...
chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who would like to donate is welcome to get in touch)

Alt 12.01.2010, 23:35   #9
Firely
 
here is the malware log file:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12.01.2010 23:34:55
mbam-log-2010-01-12 (23-34-55).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 173598
Laufzeit: 45 minute(s), 19 second(s)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 10
Infizierte Registrierungsschlüssel: 55
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 31
Infizierte Dateien: 95

Infizierte Speicherprozesse:
C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Programme\Internet Today\1.2.0.1420\SkinCrafterDll.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150\lri.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150\WSOCommon.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360\ACECommon.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360\lri.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050\CPACommon.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050\lri.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet today task (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Internet Today\1.2.0.1420 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150 (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\FF (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150\FF\chrome (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\FF\components (Adware.Agent) -> Delete on reboot.
C:\Programme\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360 (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\chrome (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\components (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050 (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\chrome (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\components (Adware.Agent) -> Delete on reboot.
C:\Programme\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programme\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programme\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\CMWIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\CPAIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\ACEpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\cmwpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\CPApx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\tcppx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\WSOpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Internet Today\1.2.0.1420\PixelLogExe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP215\A0068842.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP222\A0073980.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP222\A0073982.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTafucfmueqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTlyxetjetnb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTxyqjxnmbfx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\H8SRThqlexublov.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\Programme\Internet Today\1.2.0.1420\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Internet Today\1.2.0.1420\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Internet Today\1.2.0.1420\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Internet Today\1.2.0.1420\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Internet Today\1.2.0.1420\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Internet Today\1.2.0.1420\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Internet Today\1.2.0.1420\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\lri.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\WSOCommon.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\LRI.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\data\TP_DomainInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Textual Content Provider\1.2.0.2040\data\TP_KeywordInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\ACECommon.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360\lri.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\CPACommon.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050\lri.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\LRI.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programme\Content Management Wizard\1.2.0.2080\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QuestService\questservice110.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programme\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146116101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465150.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465155.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465355.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTyvlxhesmkp.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\H8SRT924d.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146101105.rx (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mmsmark3.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
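A Malwarebytes log of this size is usually triaged by eye; the following is an added example (editor-supplied, not part of this thread and not a Malwarebytes or Trojaner-Board tool) that parses the Malwarebytes' Anti-Malware 1.44 log format shown above, counts detections per family, lists the items still marked "Delete on reboot" (the cleanup is not finished until the machine has rebooted and a follow-up scan is clean), and cross-checks the results for the H8SRT file prefix that the GMER log reported for the rootkit. SAMPLE_LOG is a constructed subset of the entries posted above; the function names are the example's own.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes' Anti-Malware 1.44 log format posted
# above (a subset of the real entries, embedded here as sample data).
SAMPLE_LOG = r"""Infizierte Speichermodule:
C:\Programme\Web Search Operator\4.2.0.2150\lri.dll (Adware.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\drivers\H8SRThqlexublov.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Programme\Web Search Operator\4.2.0.2150\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Delete on reboot.
"""

# Section headers end in a colon and contain no other colon ("Infizierte Dateien:").
SECTION_RE = re.compile(r"^(?P<name>[^:]+):$")
# Detection lines: "<item> (<family>) -> [<extra> -> ]<action>."  The item group is
# non-greedy so the registry-data form "... -> Bad: (1) Good: (0) -> ..." is split at
# the family group, not at "(0)".
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return one dict {section, item, family, action} per detection line."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # scan metadata and summary counts are not detections
        # The action is the last "->" segment; strip the trailing period.
        action = m.group("rest").split(" -> ")[-1].rstrip(".")
        entries.append({"section": section, "item": m.group("item"),
                        "family": m.group("family"), "action": action})
    return entries


def count_by_family(entries):
    """Detections per family name, e.g. Counter({'Adware.Agent': 2, ...})."""
    return Counter(e["family"] for e in entries)


def pending_reboot(entries):
    """Items MBAM could not remove while they were in use: the cleanup is not
    complete until the reboot has happened and a follow-up scan is clean."""
    return [e["item"] for e in entries if e["action"] == "Delete on reboot"]


def items_with_prefix(entries, prefix):
    """Cross-check against another tool's report, e.g. the H8SRT file prefix
    that the GMER log in this thread reported for the rootkit's components."""
    return [e["item"] for e in entries if prefix.lower() in e["item"].lower()]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for family, n in count_by_family(found).most_common():
        print(f"{n:3d}  {family}")
    print("pending reboot:", pending_reboot(found))
    print("H8SRT items:", items_with_prefix(found, "H8SRT"))
```

Feed the full log text to parse_mbam_log instead of SAMPLE_LOG to triage a real report; anything returned by pending_reboot is the reason to insist on the reboot and the second scan before declaring the machine clean.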

Alt 12.01.2010, 23:41   #10
Chris4You
 
Hi,

well, look at that, the TDSS people no longer come only with "Malware Defens" but with new stuff; it probably brings in more money...
That is unlikely to have been everything, so in addition:
Configure Avira as follows: http://www.trojaner-board.de/54192-a...tellungen.html
Run a system scan and post the result!

chris

Alt 12.01.2010, 23:45   #11
Firely
 
here is the logfile from gmer:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-12 23:43:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (47%) free of 57 GB
Total RAM: 1023 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:24, on 12.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\SpeedswitchXP\SpeedswitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Software Informer\softinfo.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe
C:\Programme\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mykeysearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISW] "C:\Programme\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Programme\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [matf.de updater] "C:\Programme\Gemeinsame Dateien\matf_update\matf_updater.exe" autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Programme\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224771293710
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6992 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-09-24 4870144]
"nwiz"=nwiz.exe /install []
"SENS Keyboard V4 Launcher"=C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE [2003-03-04 45056]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-02-20 88363]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-09-21 305440]
"ISW"=C:\Programme\CheckPoint\ZAForceField\ForceField.exe /icon=hidden []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"=C:\Programme\SpeedswitchXP\SpeedswitchXP.exe [2006-07-14 626688]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"matf.de updater"=C:\Programme\Gemeinsame Dateien\matf_update\matf_updater.exe [2007-07-31 1084416]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Software Informer"=C:\Programme\Software Informer\softinfo.exe [2009-11-18 1990725]
"ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ec424f0-843d-11de-b962-0012f01e16f1}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-01-12 22:26:15 ----D---- C:\WINDOWS\Internet Logs
2010-01-12 22:20:59 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-01-12 22:19:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2010-01-12 11:59:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-12 11:59:55 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-01-12 10:38:35 ----D---- C:\Programme\trend micro
2010-01-12 10:38:33 ----D---- C:\rsit
2009-12-31 17:22:10 ----D---- C:\Programme\Browser Hack Recover
2009-12-31 16:58:36 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CheckPoint
2009-12-31 16:58:10 ----D---- C:\Programme\CheckPoint
2009-12-26 20:22:27 ----SHD---- C:\Config.Msi
2009-12-25 20:44:58 ----D---- C:\Programme\GameRaving Toolbar
2009-12-24 19:35:04 ----D---- C:\09277ad8abc7117bd075
2009-12-24 17:10:34 ----D---- C:\4d8b0858380ae9be382ada20c055
2009-12-24 16:48:29 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-12-24 15:44:44 ----D---- C:\Programme\CCleaner
2009-12-24 14:53:29 ----D---- C:\WINDOWS\Minidump
2009-12-24 14:19:04 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini

======List of files/folders modified in the last 1 months======

2010-01-12 23:42:53 ----D---- C:\Programme\Mozilla Firefox
2010-01-12 23:42:33 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Software Informer
2010-01-12 23:41:20 ----RD---- C:\Programme
2010-01-12 23:41:20 ----D---- C:\WINDOWS\system32\drivers
2010-01-12 23:41:20 ----D---- C:\WINDOWS\Cursors
2010-01-12 23:40:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-12 23:34:54 ----D---- C:\WINDOWS\Temp
2010-01-12 23:34:54 ----D---- C:\WINDOWS\system32
2010-01-12 23:34:54 ----D---- C:\WINDOWS
2010-01-12 22:24:32 ----D---- C:\WINDOWS\Prefetch
2010-01-12 22:22:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-12 22:19:28 ----D---- C:\Programme\Google
2010-01-12 22:19:25 ----SD---- C:\WINDOWS\Tasks
2010-01-12 11:46:24 ----SD---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
2010-01-09 18:24:27 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3
2010-01-01 16:49:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-12-31 16:45:39 ----D---- C:\WINDOWS\Debug
2009-12-29 21:20:29 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-28 23:40:45 ----D---- C:\Programme\ICQ6.5
2009-12-26 20:23:40 ----HD---- C:\WINDOWS\inf
2009-12-26 20:22:30 ----D---- C:\WINDOWS\WinSxS
2009-12-26 20:22:25 ----SHD---- C:\WINDOWS\Installer
2009-12-26 20:15:56 ----D---- C:\Programme\Gemeinsame Dateien

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R3 AgereSoftModem;SENS LT56ADW Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-20 1265388]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-05-15 43136]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 cs429x;Cirrus Logic WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwawdm.sys [2003-08-25 111808]
R3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000); C:\WINDOWS\System32\Drivers\FLMckUSB.sys [2004-07-14 80724]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-09-24 1383450]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
S3 ADDMEM;ADDMEM; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\__Samsung_Update\ADDMEM.SYS []
S3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-12-31 12288]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RimUsb;BlackBerry-Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-12-31 5888]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-12-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-09-24 77824]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-23 355584]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

13.01.2010, 00:00   #12
Chris4You

Hi,

that was RSIT rather than GMER; apart from a few small things it looks fine...
But please still run Avira with the stricter settings as described (see the previous post)!

A few more things:
Please have the following files checked:

Have files checked online:
  • Go to the Virustotal site, click the "Durchsuchen" (Browse) button
    and locate the following file/files:
Code:
C:\Programme\Gemeinsame Dateien\matf_update\matf_updater.exe
C:\Programme\Software Informer\softinfo.exe

  • Now upload each file one after the other and wait until the scan has finished (it can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a reply.
  • Important: copy the file size and the HASH as well!

and


HijackThis, fix:
open HijackThis -- button "Scan" -- tick the boxes in front of the entries below -- button "Fix checked" -- restart the PC!
All programs must be closed while fixing!
Code:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
R3 - URLSearchHook: (no name) - - (no file)

chris

Last edited by Chris4You (13.01.2010, 00:13)
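The triage Chris4You applies to the HijackThis log above, flagging registry entries whose target file no longer exists and a start page that is not one of Internet Explorer's defaults, can be scripted. The following is an added example, not a tool from this thread or from HijackThis itself. All sample lines but the last are copied from the log posted above; the last O4 line is constructed to exercise the temp-directory check. The host allowlist in DEFAULT_IE_HOSTS and the path fragments in TEMP_MARKERS are assumptions for this example.

```python
import re
from urllib.parse import urlparse

# Sample HijackThis lines: all but the last are copied from the log posted above;
# the last O4 line is constructed for this example to exercise the temp-directory check.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mykeysearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\upd.exe
"""

# Assumption: hosts that Internet Explorer on XP uses by default for its R0/R1 pages.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "windowsupdate.microsoft.com", "www.microsoft.com"}
# Assumption: path fragments that mark a user temp directory on a German XP install.
TEMP_MARKERS = ("\\temp\\", "\\lokale~1\\", "\\lokale einstellungen\\")

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")


def triage(log_text):
    """Return (kind, reason, line) for every HijackThis line worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if body.endswith("(no file)"):
            # Registry entry whose target no longer exists: leftover of a removed BHO/hook.
            findings.append((kind, "orphaned entry, no file on disk", line))
            continue
        if kind in ("R0", "R1") and " = " in body:
            url = body.split(" = ", 1)[1].strip()
            host = urlparse(url).hostname or ""
            if host and host not in DEFAULT_IE_HOSTS:
                findings.append((kind, "browser start/search page points at " + host, line))
        if kind == "O4":
            # Everything after the "[name]" label is the command; drop quotes for matching.
            path = body.split("] ", 1)[-1].strip().strip('"').lower()
            if any(marker in path for marker in TEMP_MARKERS):
                findings.append((kind, "autorun entry executes from a temp directory", line))
    return findings


def fix_candidates(log_text):
    """Lines that are safe to tick in HijackThis: orphaned entries have nothing left to break."""
    return [line for _, reason, line in triage(log_text) if reason.startswith("orphaned")]


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"{kind}: {reason}\n    {line}")
```

Run against the sample, fix_candidates returns exactly the two "(no file)" lines Chris4You lists for fixing, while the mykeysearch.com start page is reported separately: a live redirect is worth knowing about but is not something to blindly "fix" without also checking what put it there.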

13.01.2010, 00:26   #13
Firely

here: C:\Programme\Gemeinsame Dateien\matf_update\matf_updater.exe

File matf_updater.exe received 2010.01.12 23:24:46 (UTC)
Result: 0/41 (0%)
Antivirus Version Last update Result
a-squared 4.5.0.48 2010.01.13 -
AhnLab-V3 5.0.0.2 2010.01.12 -
AntiVir 7.9.1.134 2010.01.12 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.12 -
Avast 4.8.1351.0 2010.01.12 -
AVG 9.0.0.725 2010.01.12 -
BitDefender 7.2 2010.01.13 -
CAT-QuickHeal 10.00 2010.01.12 -
ClamAV 0.94.1 2010.01.13 -
Comodo 3561 2010.01.12 -
DrWeb 5.0.1.12222 2010.01.12 -
eSafe 7.0.17.0 2010.01.12 -
eTrust-Vet 35.2.7233 2010.01.12 -
F-Prot 4.5.1.85 2010.01.12 -
F-Secure 9.0.15370.0 2010.01.12 -
Fortinet 4.0.14.0 2010.01.12 -
GData 19 2010.01.12 -
Ikarus T3.1.1.80.0 2010.01.12 -
Jiangmin 13.0.900 2010.01.12 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.13 -
McAfee 5859 2010.01.12 -
McAfee+Artemis 5859 2010.01.12 -
McAfee-GW-Edition 6.8.5 2010.01.12 -
Microsoft 1.5302 2010.01.12 -
NOD32 4765 2010.01.12 -
Norman 6.04.03 2010.01.12 -
nProtect 2009.1.8.0 2010.01.12 -
Panda 10.0.2.2 2010.01.12 -
PCTools 7.0.3.5 2010.01.12 -
Prevx 3.0 2010.01.13 -
Rising 22.30.01.03 2010.01.12 -
Sophos 4.49.0 2010.01.12 -
Sunbelt 3.2.1858.2 2010.01.12 -
Symantec 20091.2.0.41 2010.01.13 -
TheHacker 6.5.0.3.148 2010.01.12 -
TrendMicro 9.120.0.1004 2010.01.12 -
VBA32 3.12.12.1 2010.01.12 -
ViRobot 2010.1.12.2132 2010.01.12 -
VirusBuster 5.0.21.0 2010.01.12 -
Additional information
File size: 1084416 bytes
MD5...: a87294dc6836555e7e4953c1c7354fc3
SHA1..: 8e4cefe51c741199c0ad65268e882200b9a6ac19
SHA256: f1315db702acc749c23ac527444c2de3353e1e793cf9f6f82e40a1efdbfe1e15
ssdeep: 12288:FavmX2ssedlxLFC6WuAQ9cmi9Ik/HWK5sXwiPCrhgWFa3KV8f2rTkQbSGm
2:FHXVlFDWuAXmiZ+LX6hbFa3KV8+rTC
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc8f40
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0xc806c 0xc8200 6.54 c916c4407df4db303e8291024227fef0
DATA 0xca000 0x7128 0x7200 6.26 7a1a12c03b2c073486ff4a029bce3bdf
BSS 0xd2000 0x1961 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xd4000 0x2778 0x2800 4.91 71927e3c48dfef1c0db1fb1336f20704
.tls 0xd7000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xd8000 0x18 0x200 0.20 62f0351f71a5cdec3417a963070da453
.reloc 0xd9000 0xcfbc 0xd000 6.65 e7e43f75ad10d9e42d3efe5d576c901f
.rsrc 0xe6000 0x29a00 0x29a00 6.22 c5edb63889373b2d841efdd89d7536dd

( 18 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegFlushKey, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey
> kernel32.dll: lstrcpyA, lstrcmpA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, UnmapViewOfFile, Sleep, SizeofResource, SetVolumeLabelA, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, RaiseException, MulDiv, MoveFileExA, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalMemoryStatus, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FlushFileBuffers, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateSemaphoreA, CreateFileMappingA, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePen, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
> user32.dll: CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharBuffA, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetAsyncKeyState, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, 
EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> ole32.dll: CoTaskMemFree, StringFromCLSID
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> ole32.dll: CoTaskMemAlloc, CoCreateGuid, CoCreateInstance, CoUninitialize, CoInitialize
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
> shell32.dll: Shell_NotifyIconA, ShellExecuteA
> wininet.dll: InternetQueryOptionA
> kernel32.dll: GetVersionExA

( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: :: matf.de
copyright....: Matthias Feist
product......:
description..: matf.de - Programmupdate
original name:
internal name:
file version.: 1.1.5.0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Win32 Executable Borland Delphi 7 (44.7%)
Win32 Executable Borland Delphi 5 (30.1%)
Win32 Executable Borland Delphi 6 (17.5%)
InstallShield setup (2.8%)
Win32 EXE PECompact compressed (generic) (2.7%)

13.01.2010, 00:29   #14
Firely

malware! Hilfe!

Here: C:\Programme\Software Informer\softinfo.exe

Datei softinfo.exe empfangen 2009.11.19 15:25:08 (UTC)
Status: Beendet
Ergebnis: 0/41 (0.00%)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.11.19 -
AhnLab-V3 5.0.0.2 2009.11.19 -
AntiVir 7.9.1.72 2009.11.19 -
Antiy-AVL 2.0.3.7 2009.11.19 -
Authentium 5.2.0.5 2009.11.19 -
Avast 4.8.1351.0 2009.11.19 -
AVG 8.5.0.425 2009.11.19 -
BitDefender 7.2 2009.11.19 -
CAT-QuickHeal 10.00 2009.11.19 -
ClamAV 0.94.1 2009.11.19 -
Comodo 2979 2009.11.18 -
DrWeb 5.0.0.12182 2009.11.19 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7130 2009.11.19 -
F-Prot 4.5.1.85 2009.11.19 -
F-Secure 9.0.15370.0 2009.11.17 -
Fortinet 3.120.0.0 2009.11.19 -
GData 19 2009.11.19 -
Ikarus T3.1.1.74.0 2009.11.19 -
Jiangmin 11.0.800 2009.11.19 -
K7AntiVirus 7.10.900 2009.11.19 -
Kaspersky 7.0.0.125 2009.11.19 -
McAfee 5806 2009.11.18 -
McAfee+Artemis 5806 2009.11.18 -
McAfee-GW-Edition 6.8.5 2009.11.19 -
Microsoft 1.5302 2009.11.19 -
NOD32 4622 2009.11.19 -
Norman 6.03.02 2009.11.19 -
nProtect 2009.1.8.0 2009.11.19 -
Panda 10.0.2.2 2009.11.18 -
PCTools 7.0.3.5 2009.11.19 -
Prevx 3.0 2009.11.19 -
Rising 22.22.03.09 2009.11.19 -
Sophos 4.47.0 2009.11.19 -
Sunbelt 3.2.1858.2 2009.11.19 -
Symantec 1.4.4.12 2009.11.19 -
TheHacker 6.5.0.2.073 2009.11.18 -
TrendMicro 9.0.0.1003 2009.11.19 -
VBA32 3.12.12.0 2009.11.19 -
ViRobot 2009.11.19.2045 2009.11.19 -
VirusBuster 5.0.21.0 2009.11.18 -
weitere Informationen
File size: 1990725 bytes
MD5 : 66fde788edab2cccc9849785d757f927
SHA1 : 5fc6b1582f05c3876227748ce1ca4276c22370e5
SHA256: 3753086f66a616451778baef6d91adec22987f686e985521c7a19479144b5c70
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xBA604
timedatestamp.....: 0x4B031A5D (Tue Nov 17 22:49:17 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xC56D3 0xC6000 6.14 ca451b09f04e82902f2cbd24c1f759d1
.rdata 0xC7000 0x1DE0C 0x1E000 5.32 81337d47130a10ca95a35035dad9c8c5
.data 0xE5000 0xDF10 0xD000 4.95 8ce2920ea49f4ed7548a93b505e0569c
.rsrc 0xF3000 0xF30D8 0xF4000 4.89 aff5bdfb1445ded8ad5585ccc65874ef

( 15 imports )

> advapi32.dll: RegCloseKey, RegOpenKeyExA, RegDeleteValueA, RegEnumKeyExA, RegCreateKeyExA, CryptAcquireContextA, CryptImportKey, CryptCreateHash, CryptHashData, CryptVerifySignatureA, CryptDestroyHash, CryptDestroyKey, CryptReleaseContext, RegEnumValueA, RegEnumKeyA, OpenSCManagerA, OpenServiceA, QueryServiceConfigA, CloseServiceHandle, RegOpenKeyA, RegSetValueExA, RegQueryValueExA
> comctl32.dll: ImageList_AddMasked, ImageList_Draw, ImageList_GetIcon
> gdi32.dll: CreateDCA, CreateCompatibleBitmap, RoundRect, Rectangle, FillRgn, CreateRoundRectRgn, CreatePolygonRgn, CreateRectRgn, CreatePen, MoveToEx, LineTo, CreateFontA, GetTextExtentPoint32A, GetStockObject, CreateSolidBrush, CreateCompatibleDC, CreateDIBSection, SelectObject, BitBlt, ExtCreateRegion, CombineRgn, CreateFontIndirectA, GetObjectA, DeleteDC, DeleteObject, FrameRgn
> kernel32.dll: SizeofResource, LoadResource, LockResource, IsBadReadPtr, InterlockedDecrement, InterlockedIncrement, DeleteFileA, GetTempFileNameA, GetTempPathA, lstrcatA, CreateFileA, WriteFile, WaitForSingleObject, CloseHandle, CreateThread, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalReAlloc, GlobalFree, lstrlenW, FindResourceA, WideCharToMultiByte, FileTimeToDosDateTime, SystemTimeToFileTime, GetLocalTime, DosDateTimeToFileTime, GetVersionExA, TerminateProcess, ReadProcessMemory, CreateDirectoryA, SetLastError, GetWindowsDirectoryA, ExpandEnvironmentStringsA, EnterCriticalSection, LeaveCriticalSection, FindClose, FindFirstFileA, CompareFileTime, GetLongPathNameA, SearchPathA, GetLocaleInfoA, GetCurrentDirectoryA, Process32Next, Process32First, CreateToolhelp32Snapshot, GetFileTime, RemoveDirectoryA, GetSystemTime, MulDiv, SetFilePointer, lstrcmpA, FindNextFileA, GetTimeFormatA, GetDateFormatA, FileTimeToSystemTime, GetPrivateProfileIntA, GetPrivateProfileStringA, lstrcpynA, LocalFree, FormatMessageA, GetVersion, GetStartupInfoA, FreeLibrary, EnumResourceNamesA, GetLastError, LoadLibraryExA, GetTickCount, ReadFile, GetFileSize, CopyFileA, MoveFileA, GetFileAttributesA, Sleep, CreateMutexA, SetUnhandledExceptionFilter, lstrcmpiA, GetCommandLineA, GetCurrentThreadId, GetCurrentProcess, GetCurrentProcessId, GetProcAddress, LoadLibraryA, VirtualFreeEx, GetExitCodeThread, WriteProcessMemory, VirtualAllocEx, GetModuleHandleA, GetModuleFileNameA, OpenProcess, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, lstrlenA, GetShortPathNameA, lstrcpyA, MultiByteToWideChar
> mfc42.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> msimg32.dll: TransparentBlt
> msvcp60.dll: _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __Xlen@std@@YAXXZ, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@D@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@0@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@ABV01@@Z, _length@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIXZ, __Y_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@G@Z, __A_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAGI@Z, __9std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __A_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEABDI@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@ABV_$allocator@G@1@@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, _length@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ, _reserve@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXI@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV_$allocator@D@1@@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@D@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __Y_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, 
__0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, _empty@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_NXZ, __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __8std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@PBG@Z, __1_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEPADPAD@Z, _end@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEPADXZ, __A_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAADI@Z, __0logic_error@std@@QAE@ABV01@@Z, __0out_of_range@std@@QAE@ABV01@@Z, __1out_of_range@std@@UAE@XZ, __0out_of_range@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __4_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@PBG@Z, _empty@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBE_NXZ, _c_str@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEPBGXZ, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@PBGABV_$allocator@G@1@@Z, __Y_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@ABV01@@Z, __Y_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@PBG@Z, __4_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV01@ABV01@@Z, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@ABV10@PBG@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIDI@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEPADPAD0@Z, __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, 
__9std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBD@Z, _begin@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEPADXZ
> msvcrt.dll: _itoa, sprintf, isalpha, isdigit, wcsncmp, wcslen, _snprintf, _ui64toa, _wtoi64, _wcsicmp, _atoi64, _i64toa, _wtoi, sscanf, swscanf, _mbscspn, vsprintf, atof, isspace, swprintf, _ismbcalpha, rand, srand, strstr, strncpy, _CxxThrowException, __0exception@@QAE@ABV0@@Z, pow, _mbslwr, _mbsnbicmp, _ismbcdigit, strcat, _purecall, fclose, fseek, ftell, fwrite, fread, fopen, _mbsnbcpy, memset, _mbsrchr, strcpy, strncmp, _mbsicmp, strlen, strcmp, malloc, free, memcpy, _mbschr, _ftol, _mbscmp, atoi, memcmp, _mbsstr, abs, __CxxFrameHandler, memmove, __dllonexit, _onexit, __1type_info@@UAE@XZ, _except_handler3, _terminate@@YAXXZ, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, _strnicmp, _setmbcp, __p__commode, __p__fmode, __set_app_type, _controlfp
> ole32.dll: OleRun, CoTaskMemFree, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, CoInitialize, CoUninitialize, StringFromCLSID, CoCreateGuid, StringFromGUID2, CLSIDFromProgID
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -
> setupapi.dll: SetupDiClassNameFromGuidA, SetupDiGetClassDescriptionA, SetupDiOpenDevRegKey, SetupDiEnumDeviceInfo, SetupDiGetClassDevsA, SetupDiGetDeviceRegistryPropertyA, SetupDiDestroyDeviceInfoList, SetupDiBuildClassInfoList
> shell32.dll: SHGetSpecialFolderPathA, SHGetFileInfoA, ExtractIconExA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, Shell_NotifyIconA, ShellExecuteA, SHAppBarMessage
> user32.dll: DrawIcon, EqualRect, GetAsyncKeyState, BringWindowToTop, GetWindowRgn, IsIconic, GetMenu, DrawIconEx, SetMenuDefaultItem, RegisterWindowMessageA, CopyRect, FillRect, LoadImageA, ReleaseDC, RemoveMenu, ModifyMenuA, SetCursorPos, GetForegroundWindow, SetRectEmpty, ClientToScreen, ScreenToClient, ShowScrollBar, GetClassNameA, EnumChildWindows, LoadMenuA, MapWindowPoints, InsertMenuA, GetMenuItemInfoA, GetMenuDefaultItem, GetWindowThreadProcessId, SetClassLongA, GetDesktopWindow, IsCharAlphaA, IsCharAlphaNumericA, GetWindowPlacement, GetMonitorInfoA, MonitorFromRect, MonitorFromPoint, GetWindowLongA, FindWindowExA, SetCursor, CheckMenuItem, EnableMenuItem, GetFocus, SetFocus, GetWindow, SetWindowLongA, GetMenuItemCount, GetMenuState, GetSubMenu, GetMenuItemID, GetMenuStringA, AppendMenuA, DrawStateA, InflateRect, DestroyIcon, SystemParametersInfoA, UpdateWindow, wsprintfA, ShowWindow, SetForegroundWindow, CharNextA, MessageBoxA, IsWindowVisible, FindWindowA, SetWindowPos, GetDC, GetSysColor, PostMessageA, SetWindowRgn, LoadBitmapA, SetRect, GetClientRect, SendMessageA, LoadIconA, GetParent, IsWindow, GetSystemMetrics, LoadCursorA, EnableWindow, KillTimer, SetTimer, InvalidateRect, GetWindowRect, GetCursorPos, PtInRect, GetIconInfo, CreateMenu
> version.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
> wininet.dll: HttpOpenRequestA, InternetConnectA, HttpAddRequestHeadersA, InternetWriteFile, InternetSetOptionA, HttpSendRequestA, InternetReadFile, InternetOpenA, InternetCloseHandle

( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
ssdeep: 24576:bqTyEBhszc4mLCK5hEUuXkTbLSPZgoAPhWLkgQ:ayKhqc4JUckTSPeoAPhWLpQ
PEiD : -
RDS : NSRL Reference Data Set
-

13.01.2010, 01:20   #15
Firely

malware! Hilfe!

Here is the AntiVir report:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 12. Januar 2010 23:58

Es wird nach 1525403 Virenstämmen gesucht.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows XP
Windowsversion : (Service Pack 3) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SAMSUNG_X10P

Versionsinformationen:
BUILD.DAT : 9.0.0.407 17961 Bytes 29.07.2009 10:29:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21.07.2009 13:36:08
AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 12:04:10
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 11:35:44
LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 10:41:59
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 22:52:58
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 22:53:05
VBASE002.VDF : 7.10.1.1 2048 Bytes 19.11.2009 22:53:05
VBASE003.VDF : 7.10.1.2 2048 Bytes 19.11.2009 22:53:05
VBASE004.VDF : 7.10.1.3 2048 Bytes 19.11.2009 22:53:05
VBASE005.VDF : 7.10.1.4 2048 Bytes 19.11.2009 22:53:05
VBASE006.VDF : 7.10.1.5 2048 Bytes 19.11.2009 22:53:05
VBASE007.VDF : 7.10.1.6 2048 Bytes 19.11.2009 22:53:05
VBASE008.VDF : 7.10.1.7 2048 Bytes 19.11.2009 22:53:06
VBASE009.VDF : 7.10.1.8 2048 Bytes 19.11.2009 22:53:06
VBASE010.VDF : 7.10.1.9 2048 Bytes 19.11.2009 22:53:06
VBASE011.VDF : 7.10.1.10 2048 Bytes 19.11.2009 22:53:06
VBASE012.VDF : 7.10.1.11 2048 Bytes 19.11.2009 22:53:06
VBASE013.VDF : 7.10.1.79 209920 Bytes 25.11.2009 22:53:07
VBASE014.VDF : 7.10.1.128 197632 Bytes 30.11.2009 22:53:08
VBASE015.VDF : 7.10.1.178 195584 Bytes 07.12.2009 22:53:09
VBASE016.VDF : 7.10.1.224 183296 Bytes 14.12.2009 22:53:10
VBASE017.VDF : 7.10.1.247 182272 Bytes 15.12.2009 22:53:11
VBASE018.VDF : 7.10.2.30 198144 Bytes 21.12.2009 22:53:12
VBASE019.VDF : 7.10.2.63 187392 Bytes 24.12.2009 22:53:13
VBASE020.VDF : 7.10.2.93 195072 Bytes 29.12.2009 22:53:14
VBASE021.VDF : 7.10.2.131 201216 Bytes 07.01.2010 22:53:15
VBASE022.VDF : 7.10.2.158 192000 Bytes 11.01.2010 22:53:16
VBASE023.VDF : 7.10.2.159 2048 Bytes 11.01.2010 22:53:16
VBASE024.VDF : 7.10.2.160 2048 Bytes 11.01.2010 22:53:16
VBASE025.VDF : 7.10.2.161 2048 Bytes 11.01.2010 22:53:16
VBASE026.VDF : 7.10.2.162 2048 Bytes 11.01.2010 22:53:16
VBASE027.VDF : 7.10.2.163 2048 Bytes 11.01.2010 22:53:16
VBASE028.VDF : 7.10.2.164 2048 Bytes 11.01.2010 22:53:16
VBASE029.VDF : 7.10.2.165 2048 Bytes 11.01.2010 22:53:16
VBASE030.VDF : 7.10.2.166 2048 Bytes 11.01.2010 22:53:16
VBASE031.VDF : 7.10.2.175 143872 Bytes 12.01.2010 22:53:17
Engineversion : 8.2.1.134
AEVDF.DLL : 8.1.1.2 106867 Bytes 12.01.2010 22:53:29
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 12.01.2010 22:53:29
AESCN.DLL : 8.1.3.0 127348 Bytes 12.01.2010 22:53:27
AESBX.DLL : 8.1.1.1 246132 Bytes 12.01.2010 22:53:29
AERDL.DLL : 8.1.3.4 479605 Bytes 12.01.2010 22:53:27
AEPACK.DLL : 8.2.0.4 422263 Bytes 12.01.2010 22:53:26
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.07.2009 09:59:39
AEHEUR.DLL : 8.1.0.194 2228599 Bytes 12.01.2010 22:53:25
AEHELP.DLL : 8.1.9.0 237943 Bytes 12.01.2010 22:53:20
AEGEN.DLL : 8.1.1.83 369014 Bytes 12.01.2010 22:53:19
AEEMU.DLL : 8.1.1.0 393587 Bytes 12.01.2010 22:53:18
AECORE.DLL : 8.1.9.1 180598 Bytes 12.01.2010 22:53:18
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 14:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 08:47:56
AVPREF.DLL : 9.0.0.1 43777 Bytes 03.12.2008 11:39:55
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 15:25:04
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 15:05:37
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 10:37:04
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 08:21:28
NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 15:41:21
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 15:35:17
RCTEXT.DLL : 9.0.37.0 87809 Bytes 17.04.2009 10:13:12

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Programme\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Dienstag, 12. Januar 2010 23:58

Der Suchlauf nach versteckten Objekten wird begonnen.
Es wurden '41012' Objekte überprüft, '0' versteckte Objekte wurden gefunden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiapsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'softinfo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpeedswitchXP.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDServ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AGRSMMSG.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SensKbd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvsvc32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MDM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '36' Prozesse mit '36' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '58' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Lokaler Datenträger>
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei.
[HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\Dokumente und Einstellungen\Administrator\Desktop\zaSetup_91_007_002en.exe
[0] Archivtyp: ZIP SFX (self extracting)
--> SWITCHUNINST_44ZONE LABS.EXE
[1] Archivtyp: RSRC
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Archivtyp: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\downloads\MSO2K3ENTGER\MSDE2000\MSDE2KS3.EXE
[0] Archivtyp: CAB SFX (self extracting)
--> \MSDE\Setup\SqlRun.cab
[1] Archivtyp: CAB (Microsoft)
--> DBmsSHRn.dll.F26FFD4A_05B4_4969_A552_30C7F9BAB1F4
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
--> \MSDE\Setup\SqlRun01.msi
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP217\A0068896.exe
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/FTat.A.2
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP217\A0068904.exe
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/FTat.A
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078973.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078974.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078975.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078976.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078977.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078978.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078979.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078980.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078981.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078982.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078983.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078984.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078985.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078986.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078987.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078988.sys
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078990.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078992.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078993.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078994.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078996.dll
[FUND] Ist das Trojanische Pferd TR/Drop.Softomat.AN
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078997.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078998.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0079000.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0079002.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0079003.dll
[FUND] Ist das Trojanische Pferd TR/Drop.Softomat.AN
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0079004.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0079005.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen

Beginne mit der Desinfektion:
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP217\A0068896.exe
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/FTat.A.2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b7d1124.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP217\A0068904.exe
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/FTat.A
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b7d1125.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078973.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a026e2e.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078974.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a064ece.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078975.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '481e968e.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078976.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b7d1126.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078977.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4afd97f7.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078978.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a036667.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078979.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48199e57.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078980.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4818861f.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078981.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '481b8e27.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078982.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '481ab7ef.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078983.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4814a61f.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078984.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4817ae27.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078985.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b7d1127.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078986.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4811dfb8.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078987.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4810c770.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078988.sys
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4813cf08.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078990.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4812f4c0.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078992.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480dfc98.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078993.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480ce450.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078994.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b7d1128.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078996.dll
[FUND] Ist das Trojanische Pferd TR/Drop.Softomat.AN
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48091421.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078997.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b7d1129.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0078998.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480b05b2.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0079000.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480a0d4a.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0079002.dll
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48053502.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0079003.dll
[FUND] Ist das Trojanische Pferd TR/Drop.Softomat.AN
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b7d112a.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0079004.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48072293.qua' verschoben!
C:\System Volume Information\_restore{5783B90F-6CB4-4CF7-9CEF-7CF891EF50A8}\RP239\A0079005.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48062aab.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 13. Januar 2010 01:16
Benötigte Zeit: 1:18:07 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

6920 Verzeichnisse wurden überprüft
496756 Dateien wurden geprüft
30 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
30 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
496725 Dateien ohne Befall
3837 Archive wurden durchsucht
5 Warnungen
31 Hinweise
41012 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
