Log analysis and evaluation: browser crashes on login
19.08.2010, 18:52 | #1 |
| browser crashes on login Hello, I see newdotnet in the details, but the Symantec scanner reports that nothing was found. As soon as I click to log in on a page in the browser, the browser crashes. The browser is FF. HijackThis logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:56:31, on 19.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TOSHIBA\TME3\Tmesbs32.exe C:\Programme\TOSHIBA\TME3\Tmesrv31.exe D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe D:\Programme\Logitech\iTouch\iTouch.exe C:\WINDOWS\system32\ctfmon.exe D:\Programme\Spybot - Search & Destroy\TeaTimer.exe D:\Programme\Launchy\Launchy.exe D:\Programme\Trillian4\trillian.exe C:\Programme\YCIII\YankClip.exe C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe D:\Programme\MusicMonster\MusicMonster.exe D:\PROGRA~1\MOBILE~1\bin\DESProxy.exe D:\PROGRA~1\MOBILE~1\bin\SPHONE~1.EXE G:\Neu\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - 
D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Trillian.lnk = D:\Programme\Trillian4\trillian.exe O4 - Startup: Yankee Clipper III.lnk = C:\Programme\YCIII\YankClip.exe O4 - Global Startup: Launchy.lnk = D:\Programme\Launchy\Launchy.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144869912557 O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - 
hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - I:\CDS300\__CDS2.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: AAV UpdateService - Unknown owner - D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Programme\TOSHIBA\TME3\Tmesbs32.exe O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Programme\TOSHIBA\TME3\Tmesrv31.exe O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - D:\Programme\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe O23 - Service: McAfee Wireless Security Network Manager Service (WSCNetManager) - McAfee, Inc. - D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe -- End of file - 6165 bytes |
19.08.2010, 19:42 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | browser crashes on login Hello and
A cleanup can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Vista and Win7 users: start all tools with right-click "Run as administrator". Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
__________________ |
21.08.2010, 10:14 | #3 |
| browser crashes on login Malwarebytes log: (OTL to follow)
__________________Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4450 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 20.08.2010 05:48:15 mbam-log-2010-08-20 (05-48-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|) Durchsuchte Objekte: 245648 Laufzeit: 49 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\System Volume Information\_restore{B2DC5DFA-9486-4AB5-A579-D7FB9302C752}\RP363\A0104363.exe (Trojan.Zbot) -> No action taken. C:\System Volume Information\_restore{B2DC5DFA-9486-4AB5-A579-D7FB9302C752}\RP363\A0104364.exe (Trojan.Zbot) -> No action taken. C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9B6NEZLB\rehd[1].exe (Heuristics.Shuriken) -> No action taken. C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9B6NEZLB\rehf[1].exe (Heuristics.Shuriken) -> No action taken. C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9B6NEZLB\rehh[1].exe (Heuristics.Shuriken) -> No action taken. |
22.08.2010, 18:15 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | browser crashes on login Sorry, but what happened to the formatting there? Please post the log files without pointless line breaks. Ideally, pack the logs into a ZIP file and attach it here.
__________________ Please always post log files in CODE tags |
26.08.2010, 21:05 | #5 |
| browser crashes on login Hello, I don't know how the line breaks got in there. Attached is a zipped file with OTL.txt and Extras.txt |
27.08.2010, 08:27 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | browser crashes on login It is relatively unremarkable. Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
__________________ --> browser crashes on login |
28.08.2010, 14:27 | #7 |
| browser crashes on login ComboFix logfile: Code:
ATTFilter ComboFix 10-08-27.03 - xxxxx 28.08.2010 14:50:06.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1279.929 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\xxxxx\Desktop\cofi.exe AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {806F00B3-FFA4-00D5-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-FFA4-00CA-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {806EE0B3-FFA4-00D9-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {806EF0B3-FFA4-00CA-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {806F00B3-FFA4-00CA-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {806F00B3-FFA4-00DD-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {BA07D3F9-FFA4-00CA-0D24-347CA8A3377C} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Udycse c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Udycse\disuc.guo c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Udycse\disuc.tmp c:\dokumente und einstellungen\xxxxx\machineconstant2351.dll c:\dokumente und einstellungen\xxxxx\machineconstant9017.dll c:\dokumente und einstellungen\xxxxx\machineconstant9037.dll C:\extensions.exe c:\extensions.exe\config.bin c:\extensions.exe\extensions.exe c:\windows\system32\Thumbs.db c:\windows\system32\zip32.dll Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert Kopie von - Kitty had a snack :p wurde wiederhergestellt . ((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-28 )))))))))))))))))))))))))))))) . 2010-08-22 16:41 . 
2010-01-11 07:57 1643888 ----a-w- c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll 2010-08-19 21:34 . 2010-08-19 21:34 -------- d-----w- c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Malwarebytes 2010-08-19 21:34 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-19 21:34 . 2010-08-19 21:34 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-08-19 21:34 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-17 01:19 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-08-16 19:24 . 2010-08-16 19:24 -------- dc----w- c:\windows\system32\DRVSTORE 2010-08-16 19:24 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-08-16 19:24 . 2010-08-16 19:24 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-08-16 19:16 . 2010-08-16 19:16 -------- d-----w- c:\dokumente und einstellungen\xxxxx\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software 2010-08-16 19:02 . 2010-07-12 08:56 2979280 -c--a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe 2010-08-16 19:02 . 2010-08-16 19:02 -------- dc-h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E} 2010-08-16 18:59 . 2010-08-16 18:59 -------- d-----w- c:\programme\Lavasoft 2010-08-16 17:59 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-08-16 17:57 . 2010-08-16 17:57 -------- d-----w- c:\programme\Panda Security 2010-08-15 16:20 . 2010-08-15 16:20 6884 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AAV\SSE\15\UpdateFiles\SSEStandard_Patch_15.12.bat 2010-08-15 16:20 . 
2010-08-15 16:20 20776 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AAV\SSE\15\UpdateFiles\ApplyMsp.exe 2010-08-15 16:20 . 2010-08-15 16:20 18728 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AAV\SSE\15\UpdateFiles\RepairVLH2010.exe 2010-08-13 22:19 . 2010-08-13 22:19 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe 2010-08-13 22:19 . 2010-08-13 22:19 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\AdobeUM 2010-08-13 22:18 . 2010-08-13 22:18 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Eigene Dateien 2010-08-01 13:33 . 2010-08-01 13:33 -------- d-s---w- c:\dokumente und einstellungen\NetworkService\UserData . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-28 10:12 . 2006-04-12 20:22 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WSC Guard 2010-08-21 10:34 . 2006-04-07 13:33 -------- d-----w- c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Skype 2010-08-16 18:39 . 2008-08-23 17:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2010-08-08 18:31 . 2010-03-21 12:35 -------- d-----w- c:\programme\PokerStars 2010-07-28 17:26 . 2010-07-28 17:25 -------- d-----w- c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Trillian 2010-07-25 18:03 . 2009-08-25 16:40 -------- d-----w- c:\programme\LowRateVoip 2010-07-02 17:36 . 2007-08-31 18:58 -------- d-----w- c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Launchy 2010-06-14 14:31 . 2008-11-06 13:02 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="d:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="NvQTwk" [X] "zBrowser Launcher"="d:\programme\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] c:\dokumente und einstellungen\xxxxx\Startmen\Programme\Autostart\ Trillian.lnk - d:\programme\Trillian4\trillian.exe [2010-8-23 2068832] Yankee Clipper III.lnk - c:\programme\YCIII\YankClip.exe [2007-11-1 1368064] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Launchy.lnk - d:\programme\Launchy\Launchy.exe [2008-2-9 274432] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_winadm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Siemens SmartSync - ScheduleSync] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2006-05-03 00:56 36975 ----a-w- d:\programme\Java\jre1.5.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] 
2004-03-18 07:33 892928 -c--a-w- c:\programme\Logitech\iTouch\iTouch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "UPS"=3 (0x3) "Tomcat5"=3 (0x3) "TapiSrv"=3 (0x3) "RemoteRegistry"=2 (0x2) "RDSessMgr"=3 (0x3) "RasMan"=3 (0x3) "PolicyAgent"=2 (0x2) "mnmsrvc"=3 (0x3) "ClipSrv"=3 (0x3) "CiSvc"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "updateMgr"="d:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TrueImageMonitor.exe"=c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe "Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" "AcronisTimounterMonitor"=c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe "NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\LowRateVoip\\LowRateVoip.exe"= "d:\\Programme\\Trillian4\\trillian.exe"= "d:\\Programme\\Skype\\Phone\\Skype.exe"= "d:\\Programme\\SopCast\\adv\\SopAdver.exe"= "d:\\Programme\\SopCast\\SopCast.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [26.03.2006 13:46 14848] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.08.2010 21:24 64288] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16.08.2010 19:59 28552] R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [26.03.2006 13:46 34304] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [03.03.2003 16:32 5760] R2 
AAV UpdateService;AAV UpdateService;d:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 17:35 128296] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [12.07.2010 10:55 1355416] R2 Tmesbs;Tmesbs32;c:\programme\TOSHIBA\TME3\TMESBS32.EXE [03.03.2003 16:32 65536] R2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.EXE [03.03.2003 16:32 110592] R2 WSCNetManager;McAfee Wireless Security Network Manager Service;d:\programme\McAfee Wireless Security\WscNetMgrSvc.exe [19.09.2005 15:44 1282130] R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [09.07.2008 22:23 42880] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programme\Lavasoft\Ad-Aware\kernexplorer.sys [16.08.2010 21:24 15008] S1 SASKUTIL;SASKUTIL;\??\d:\programme\SUPERAntiSpyware\SASKUTIL.sys --> d:\programme\SUPERAntiSpyware\SASKUTIL.sys [?] S2 gupdate;Google Update Service (gupdate);"c:\programme\Google\Update\GoogleUpdate.exe" /svc --> c:\programme\Google\Update\GoogleUpdate.exe [?] S3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [05.12.2006 17:11 117376] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [15.04.2006 12:55 16512] S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [06.11.2008 15:00 15104] S3 PDNMp50;PDNMp50 NDIS Protocol Driver;\??\c:\windows\System32\drivers\PDNMp50.sys --> c:\windows\System32\drivers\PDNMp50.sys [?] S3 PDNSp50;PDNSp50 NDIS Protocol Driver;\??\c:\windows\System32\drivers\PDNSp50.sys --> c:\windows\System32\drivers\PDNSp50.sys [?] 
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [14.05.2008 21:33 215040] S3 Tomcat5;Apache Tomcat;d:\programme\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe [24.11.2004 18:46 102400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Inhalt des "geplante Tasks" Ordners 2010-08-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 19:24] . . ------- Zusätzlicher Suchlauf ------- . IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll FF - ProfilePath - c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - plugin: c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll FF - plugin: c:\programme\Gemeinsame Dateien\ParallelGraphics\Cortona\npCortona.dll FF - plugin: d:\programme\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJava11.dll FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJava12.dll FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJava13.dll FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJava14.dll FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJava32.dll FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJPI150_07.dll FF - plugin: 
d:\programme\Java\jre1.5.0_07\bin\NPOJI610.dll FF - plugin: d:\programme\Mozilla Firefox\plugins\npCortona.dll FF - plugin: d:\programme\Mozilla Firefox\plugins\npmozax.dll FF - plugin: d:\programme\Mozilla Firefox\plugins\npunagi2.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-extensions.exe - c:\extensions.exe\extensions.exe HKU-Default-Run-extensions.exe - c:\extensions.exe\extensions.exe MSConfigStartUp-Skype - d:\programme\Skype\Skype.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-08-28 15:17 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\user.js.BAK 326 bytes c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\prefs.js.BAK 26050 bytes Scan erfolgreich abgeschlossen versteckte Dateien: 2 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'lsass.exe'(736) c:\windows\system32\relog_ap.dll - - - - - - - > 'explorer.exe'(3456) d:\programme\Logitech\iTouch\iTchHk.dll c:\programme\Gemeinsame Dateien\Logitech\Scrolling\LgMsgHk.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe c:\programme\AntiVir PersonalEdition Classic\sched.exe c:\programme\AntiVir PersonalEdition Classic\avguard.exe c:\windows\System32\nvsvc32.exe c:\programme\Analog Devices\SoundMAX\SMAgent.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\programme\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-08-28 15:23:28 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-08-28 13:22 Vor Suchlauf: 428.331.008 Bytes frei Nach Suchlauf: 326.755.840 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5 - - End Of File - - FD43E801824276CB6658CF56296F992E |
28.08.2010, 18:27 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | browser crashes on login Ok. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Afterwards, download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you use Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Ideally, post everything that remover.exe outputs.
__________________ Please always post log files in CODE tags |
29.08.2010, 12:47 | #9 |
| browser crashes on login GMER logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-08-29 13:39:15 Windows 5.1.2600 Service Pack 3 Running: eiwbp32k.exe; Driver: C:\DOKUME~1\xxxxx\LOKALE~1\Temp\kwddrfog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB8663534] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB865D782] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB867C6DC] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB8663CC0] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB8663DF6] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB865E398] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB867DFE4] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB867D93C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB867E93C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB867EB44] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB865DFAA] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB867F8D2] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB867F208] SSDT 
\SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB86630F4] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB86802A4] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB865E75C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB867FE12] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB867D0C4] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 1D4 804E2840 8 Bytes JMP 6B92E0AC ---- User code sections - GMER 1.0.15 ---- .text D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D 
C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text 
C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[440] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[440] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) 
.text C:\WINDOWS\system32\svchost.exe[568] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[568] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[608] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[608] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[608] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[608] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[608] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[608] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[608] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) 
.text C:\WINDOWS\System32\svchost.exe[608] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[680] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[680] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[680] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[680] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[680] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) 
.text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[756] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[756] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[832] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point 
Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[832] USER32.dll!DefDlgProcW + 56E 7E3742A8 5 Bytes JMP 20C79270 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1092] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1092] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1092] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1092] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm 
Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 
C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Gemeinsame 
Dateien\Acronis\Schedule2\schedul2.exe[1372] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software 
Technologies) .text C:\WINDOWS\System32\nvsvc32.exe[1524] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\nvsvc32.exe[1524] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\nvsvc32.exe[1524] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\nvsvc32.exe[1524] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\nvsvc32.exe[1524] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\nvsvc32.exe[1524] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\nvsvc32.exe[1524] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\nvsvc32.exe[1524] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm 
Browser Security/Check Point Software Technologies) .text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1776] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text 
C:\WINDOWS\System32\svchost.exe[1776] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1776] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1776] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1776] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1776] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1840] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1840] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point 
Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1840] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1840] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1840] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1840] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1840] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[1840] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB 
C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text 
C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1952] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1952] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1952] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1952] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser 
Security/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1952] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1952] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1952] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[1952] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1964] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1964] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1964] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1964] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1964] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 
C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1964] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[1964] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[2468] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[2468] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[2468] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[2468] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[2468] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[2468] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[2468] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F 
C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[2468] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\wscntfy.exe[2888] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\wscntfy.exe[2888] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\wscntfy.exe[2888] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\wscntfy.exe[2888] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\wscntfy.exe[2888] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\wscntfy.exe[2888] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\wscntfy.exe[2888] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\wscntfy.exe[2888] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 
C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3132] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3132] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3132] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3132] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3132] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3132] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3132] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3132] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Logitech\iTouch\iTouch.exe[3176] ntdll.dll!NtAccessCheckByType 
7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Logitech\iTouch\iTouch.exe[3176] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Logitech\iTouch\iTouch.exe[3176] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Logitech\iTouch\iTouch.exe[3176] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Logitech\iTouch\iTouch.exe[3176] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Logitech\iTouch\iTouch.exe[3176] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Logitech\iTouch\iTouch.exe[3176] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Logitech\iTouch\iTouch.exe[3176] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Mozilla Firefox\firefox.exe[3260] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software 
Technologies) .text D:\Programme\Mozilla Firefox\firefox.exe[3260] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Mozilla Firefox\firefox.exe[3260] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Mozilla Firefox\firefox.exe[3260] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Mozilla Firefox\firefox.exe[3260] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Mozilla Firefox\firefox.exe[3260] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Mozilla Firefox\firefox.exe[3260] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text D:\Programme\Mozilla Firefox\firefox.exe[3260] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text G:\Neu\eiwbp32k.exe[3288] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text G:\Neu\eiwbp32k.exe[3288] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 
C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text G:\Neu\eiwbp32k.exe[3288] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text G:\Neu\eiwbp32k.exe[3288] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text G:\Neu\eiwbp32k.exe[3288] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text G:\Neu\eiwbp32k.exe[3288] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text G:\Neu\eiwbp32k.exe[3288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text G:\Neu\eiwbp32k.exe[3288] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[3768] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[3768] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[3768] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll 
(ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[3768] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[3768] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[3768] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[3768] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[3768] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT 
\SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm 
Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B86463C4] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 
[B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B865F2AA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B865F60C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B865ED40] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B865F41C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ---- User IAT/EAT - GMER 1.0.15 ---- IAT D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT 
C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\System32\svchost.exe[680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[1092] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\System32\svchost.exe[1232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\System32\nvsvc32.exe[1524] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\Programme\Analog 
Devices\SoundMAX\SMAgent.exe[1656] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\System32\svchost.exe[1776] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\winlogon.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\services.exe[1952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\lsass.exe[1964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\Explorer.EXE[2468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\wscntfy.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 
[20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\System32\svchost.exe[3132] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT D:\Programme\Logitech\iTouch\iTouch.exe[3176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT D:\Programme\Mozilla Firefox\firefox.exe[3260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT G:\Neu\eiwbp32k.exe[3288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\System32\alg.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira Antivir File Filter Driver Manager/AVIRA GmbH) Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\Ftdisk 
\Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ---- EOF - GMER 1.0.15 ---- |
29.08.2010, 13:19 | #10 |
| browser crashes on login OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:17:12 on 29.08.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "AdobeGamma" - ? - %CommonFiles%\Adobe\Callibration\Adobe Gamma.cpl (File not found) "Avira AntiVir PersonalEdition Classic Konfiguration" - "Avira GmbH" - C:\PROGRA~1\ANTIVI~1\avconfig.cpl "SMAX3CP" - "Analog Devices, Inc." 
- C:\Programme\Analog Devices\SoundMAX\SMax3CP.cpl "ToshSrv" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Controls\ToshSrv.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys "Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys "Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys "actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys "Advanced SCSI Programming Interface Driver" (ASPI) - "Adaptec" - C:\WINDOWS\System32\DRIVERS\ASPI32.sys "Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys "avgntdd" (avgntdd) - "AVIRA GmbH" - C:\WINDOWS\System32\DRIVERS\avgntdd.sys "avgntmgr" (avgntmgr) - "AVIRA GmbH" - C:\WINDOWS\System32\drivers\avgntmgr.sys "Bluetooth ACPI from TOSHIBA" (tosrfec) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosrfec.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "Cinergy T USB XE service" (AF05BDA) - "AfaTech " - C:\WINDOWS\System32\DRIVERS\AF05BDA.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys (File found, but it contains no detailed information) "Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "pavboot" (pavboot) - "Panda Security, S.L." - C:\WINDOWS\System32\drivers\pavboot.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDNMp50 NDIS Protocol Driver" (PDNMp50) - ? 
- C:\WINDOWS\System32\drivers\PDNMp50.sys (File not found) "PDNSp50 NDIS Protocol Driver" (PDNSp50) - ? - C:\WINDOWS\System32\drivers\PDNSp50.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SASKUTIL" (SASKUTIL) - ? - D:\Programme\SUPERAntiSpyware\SASKUTIL.sys (File not found) "Sound2x Audio Cable (WDM)" (EuMusDesignVirtualAudioCableWdm_s2x) - "Eugene V. Muzychenko" - C:\WINDOWS\System32\DRIVERS\vacs2xkd.sys "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TMEI3E" (TMEI3E) - "Toshiba Corporation" - C:\WINDOWS\System32\Drivers\TMEI3E.SYS "Toshiba ACPI-Based Value Added Logical Device Driver" (TVALD) - "Toshiba Corporation" - C:\WINDOWS\System32\DRIVERS\TVALD.SYS "TOSHIBA SD Card Host Controller Driver" (tsdhd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tsdhd.sys "Toshiba Value Added Logical and General Purpose Device Driver" (TVALG) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\TVALG.SYS "vsdatant" (vsdatant) - "Check Point Software Technologies LTD" - C:\WINDOWS\System32\vsdatant.sys "WDICA" (WDICA) - ? 
- C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WSC Filter Miniport" (WscNetDr) - "Wireless Security Corporation" - C:\WINDOWS\System32\DRIVERS\WscNetDr.sys "ZoneAlarm Toolbar ISWKL" (ISWKL) - "Check Point Software Technologies" - C:\Programme\CheckPoint\ZAForceField\ISWKL.sys [Explorer] -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - D:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - D:\Programme\IZArc\IZArcCM.dll (File found, but it contains no detailed information) {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - D:\Programme\IZArc\IZArcCM.dll (File found, but it contains no detailed information) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? 
- (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\OFFICE11\msohev.dll {D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\shlext.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - "Siemens AG" - D:\Programme\Mobile Phone Manager\DES\DESShellExt.dll {ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - "Siemens AG" - D:\Programme\Mobile Phone Manager\DES\DESShellExt.dll {ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device PropertySheetHandler" - "Siemens AG" - D:\Programme\Mobile Phone Manager\DES\DESShellExt.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? 
- (File not found | COM-object registry key not found) <binary data> "ZoneAlarm Security Engine" - "Check Point Software Technologies" - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll <binary data> "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} "CCTVUpdateInstall" - ? - C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll / hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_07" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_07\bin\npjpi150_07.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.5.0_07" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_07\bin\npjpi150_07.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_07" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_07\bin\npjpi150_07.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? 
- (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {182EC0BE-5110-49C8-A062-BEB1D02A220B} "Adobe PDF" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {08B0E5C0-4FCB-11CF-AAA5-00401C608501} "ClsidExtension" - "Microsoft Corporation" - C:\WINDOWS\System32\msjava.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} "ZoneAlarm Security Engine" - "Check Point Software Technologies" - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll {AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_07\bin\ssv.dll {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} "ZoneAlarm Security Engine Registrar" - "Check Point Software Technologies" - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." 
- C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Authentication packages" - "Acronis" - C:\WINDOWS\system32\relog_ap.dll [Logon] -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SpybotSD TeaTimer" - "Safer-Networking Ltd." - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ISW" - "Check Point Software Technologies" - "C:\Programme\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" "zBrowser Launcher" - "Logitech Inc." - D:\Programme\Logitech\iTouch\iTouch.exe "ZoneAlarm Client" - "Check Point Software Technologies LTD" - "D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\System32\AdobePDF.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINDOWS\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AAV UpdateService" (AAV UpdateService) - ? - D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe "AntiVir PersonalEdition Classic Guard" (AntiVirService) - "AVIRA GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe "AntiVir PersonalEdition Classic Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\sched.exe "Apache Tomcat" (Tomcat5) - "Apache Software Foundation" - D:\Programme\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe "getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll "Google Update Service (gupdate)" (gupdate) - ? 
- "C:\Programme\Google\Update\GoogleUpdate.exe" /svc (File not found) "HID Input Service" (HidServ) - ? - C:\WINDOWS\System32\hidserv.dll (File not found) "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe "McAfee Wireless Security Network Manager Service" (WSCNetManager) - "McAfee, Inc." - D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe "O&O Defrag 2000" (OOD2000) - "O&O Software GmbH" - C:\WINDOWS\system32\OOD2000.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe "Tmesbs32" (Tmesbs) - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TME3\Tmesbs32.exe "Tmesrv3" (Tmesrv) - "TOSHIBA" - C:\Programme\TOSHIBA\TME3\Tmesrv31.exe "TrueVector Internet Monitor" (vsmon) - "Check Point Software Technologies LTD" - C:\WINDOWS\system32\ZoneLabs\vsmon.exe "ZoneAlarm Toolbar IswSvc" (IswSvc) - "Check Point Software Technologies" - C:\Programme\CheckPoint\ZAForceField\IswSvc.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
29.08.2010, 13:22 | #11 |
| browser crashes on login
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 99ed1954602173ef14b43a708afaa354
Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Done; |
29.08.2010, 20:08 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | browser crashes on login Would you please uninstall ZoneAlarm? It is pointless and counterproductive. Use the Windows Firewall instead. Afterwards, download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
04.09.2010, 10:16 | #13 |
| browser crashes on login ZoneAlarm uninstalled. Windows Firewall enabled. Which tools should one definitely have installed? Are the Windows tools enough?
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc
Kernel Drivers (total 137): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EF000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF75A7000 ACPI.sys 0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS 0xF7596000 pci.sys 0xF75F7000 isapnp.sys 0xF7607000 ohci1394.sys 0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS 0xF789B000 compbatt.sys 0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS 0xF798B000 intelide.sys 0xF74D8000 pcmcia.sys 0xF7627000 MountMgr.sys 0xF74B9000 ftdisk.sys 0xF770F000 PartMgr.sys 0xF7717000 pavboot.sys 0xF7637000 VolSnap.sys 0xF74A1000 atapi.sys 0xF7647000 disk.sys 0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS 0xF7481000 fltmgr.sys 0xF746F000 sr.sys 0xF7667000 Lbd.sys 0xF7677000 avgntmgr.sys 0xF771F000 PxHelp20.sys 0xF7860000 KSecDD.sys 0xF7B52000 Ntfs.sys 0xF7833000 NDIS.sys 0xF7AF3000 timntr.sys 0xF798D000 TVALG.SYS 0xF798F000 TVALD.SYS 0xF796C000 snapman.sys 0xF7952000 Mup.sys 0xF7687000 agp440.sys 0xB98C7000 \SystemRoot\System32\DRIVERS\nv4_mini.sys 0xB98B3000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS 0xF778F000 \SystemRoot\System32\DRIVERS\usbuhci.sys 0xB988F000 \SystemRoot\System32\DRIVERS\USBPORT.SYS 0xF7797000 \SystemRoot\System32\DRIVERS\usbehci.sys 0xB97ED000 \SystemRoot\System32\DRIVERS\w70n51.sys 0xF779F000 \SystemRoot\System32\DRIVERS\tsdhd.sys 0xF741F000 \SystemRoot\System32\DRIVERS\i8042prt.sys 0xBA778000 \SystemRoot\System32\DRIVERS\itchfltr.sys 0xF77A7000 \SystemRoot\System32\DRIVERS\kbdclass.sys 0xB97D5000 \SystemRoot\System32\DRIVERS\Apfiltr.sys 0xF77AF000 
\SystemRoot\System32\DRIVERS\mouclass.sys 0xF740F000 \SystemRoot\System32\DRIVERS\smcirda.sys 0xBA770000 \SystemRoot\System32\DRIVERS\irenum.sys 0xB97C1000 \SystemRoot\System32\DRIVERS\parport.sys 0xF7887000 \SystemRoot\System32\DRIVERS\serial.sys 0xF77B7000 \SystemRoot\system32\drivers\actser.sys 0xBA768000 \SystemRoot\System32\DRIVERS\serenum.sys 0xF7877000 \SystemRoot\System32\DRIVERS\imapi.sys 0xF76B7000 \SystemRoot\System32\DRIVERS\cdrom.sys 0xBA159000 \SystemRoot\System32\DRIVERS\redbook.sys 0xB9776000 \SystemRoot\System32\DRIVERS\ks.sys 0xB96F7000 \SystemRoot\system32\drivers\smwdm.sys 0xB96D3000 \SystemRoot\system32\drivers\portcls.sys 0xBA149000 \SystemRoot\system32\drivers\drmk.sys 0xB96BB000 \SystemRoot\system32\drivers\aeaudio.sys 0xB95F5000 \SystemRoot\System32\DRIVERS\LTSM.sys 0xF77BF000 \SystemRoot\System32\Drivers\Modem.SYS 0xBA75C000 \SystemRoot\System32\DRIVERS\CmBatt.sys 0xBA139000 \SystemRoot\System32\DRIVERS\intelppm.sys 0xBA129000 \SystemRoot\System32\DRIVERS\vacs2xkd.sys 0xF7A77000 \SystemRoot\System32\DRIVERS\audstub.sys 0xF77C7000 \SystemRoot\System32\DRIVERS\rasirda.sys 0xF77CF000 \SystemRoot\System32\DRIVERS\TDI.SYS 0xBA119000 \SystemRoot\System32\DRIVERS\rasl2tp.sys 0xBA754000 \SystemRoot\System32\DRIVERS\ndistapi.sys 0xB95DE000 \SystemRoot\System32\DRIVERS\ndiswan.sys 0xBA109000 \SystemRoot\System32\DRIVERS\raspppoe.sys 0xBA0F9000 \SystemRoot\System32\DRIVERS\raspptp.sys 0xB95CD000 \SystemRoot\System32\DRIVERS\psched.sys 0xBA0E9000 \SystemRoot\System32\DRIVERS\msgpc.sys 0xF77D7000 \SystemRoot\System32\DRIVERS\ptilink.sys 0xF77DF000 \SystemRoot\System32\DRIVERS\raspti.sys 0xB954D000 \SystemRoot\System32\DRIVERS\rdpdr.sys 0xBA0D9000 \SystemRoot\System32\DRIVERS\termdd.sys 0xF799D000 \SystemRoot\System32\DRIVERS\swenum.sys 0xB9427000 \SystemRoot\System32\DRIVERS\update.sys 0xBA73C000 \SystemRoot\System32\DRIVERS\mssmbios.sys 0xB9413000 \SystemRoot\System32\DRIVERS\WscNetDr.sys 0xBA0C9000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF76C7000 
\SystemRoot\System32\DRIVERS\usbhub.sys 0xF79A5000 \SystemRoot\System32\DRIVERS\USBD.SYS 0xF76F7000 \SystemRoot\SYSTEM32\DRIVERS\avgntdd.sys 0xF79A9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7AA2000 \SystemRoot\System32\Drivers\Null.SYS 0xF79AB000 \SystemRoot\System32\Drivers\Beep.SYS 0xF77FF000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS 0xF7807000 \SystemRoot\System32\drivers\vga.sys 0xF79AD000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79AF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF780F000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7817000 \SystemRoot\System32\Drivers\Npfs.SYS 0xBA780000 \SystemRoot\System32\DRIVERS\rasacd.sys 0xB83B8000 \SystemRoot\System32\DRIVERS\ipsec.sys 0xB835F000 \SystemRoot\System32\DRIVERS\tcpip.sys 0xB8337000 \SystemRoot\System32\DRIVERS\netbt.sys 0xB8315000 \SystemRoot\System32\drivers\afd.sys 0xF7586000 \SystemRoot\System32\DRIVERS\netbios.sys 0xF781F000 \SystemRoot\System32\Drivers\StarOpen.SYS 0xF79B1000 \SystemRoot\System32\Drivers\TMEI3E.SYS 0xB7856000 \SystemRoot\System32\DRIVERS\ipnat.sys 0xF7526000 \SystemRoot\System32\DRIVERS\wanarp.sys 0xB97A1000 \SystemRoot\System32\DRIVERS\hidusb.sys 0xF7516000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS 0xB782B000 \SystemRoot\System32\DRIVERS\rdbss.sys 0xB77BB000 \SystemRoot\System32\DRIVERS\mrxsmb.sys 0xF7506000 \SystemRoot\System32\Drivers\Fips.SYS 0xB9549000 \SystemRoot\System32\DRIVERS\mouhid.sys 0xB9505000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB3F5B000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF79E1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xBA71C000 \SystemRoot\System32\drivers\Dxapi.sys 0xB9585000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xB7727000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\nv4_disp.dll 0xF77EF000 \SystemRoot\System32\DRIVERS\tifsfilt.sys 0xB18E4000 \SystemRoot\System32\DRIVERS\irda.sys 0xB1A2E000 \SystemRoot\System32\DRIVERS\ndisuio.sys 
0xB174F000 \SystemRoot\System32\DRIVERS\mrxdav.sys 0xF79C7000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xF77F7000 \SystemRoot\System32\Drivers\Aspi32.SYS 0xB15E0000 \SystemRoot\System32\DRIVERS\srv.sys 0xB13EB000 \SystemRoot\system32\drivers\wdmaud.sys 0xB15B0000 \SystemRoot\system32\drivers\sysaudio.sys 0xB0ED4000 \SystemRoot\System32\Drivers\HTTP.sys 0xB0CD0000 \??\C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 42): 0 System Idle Process 4 System 1172 C:\WINDOWS\system32\smss.exe 1780 csrss.exe 1804 C:\WINDOWS\system32\winlogon.exe 1896 C:\WINDOWS\system32\services.exe 1908 C:\WINDOWS\system32\lsass.exe 380 C:\WINDOWS\system32\svchost.exe 504 svchost.exe 540 C:\WINDOWS\system32\svchost.exe 588 svchost.exe 680 svchost.exe 1068 C:\Programme\Lavasoft\Ad-Aware\AAWService.exe 268 C:\WINDOWS\system32\spoolsv.exe 1316 svchost.exe 1348 D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 1360 C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe 1388 C:\Programme\AntiVir PersonalEdition Classic\sched.exe 1408 C:\Programme\AntiVir PersonalEdition Classic\avguard.exe 1496 C:\WINDOWS\system32\nvsvc32.exe 1568 C:\Programme\Analog Devices\SoundMAX\SMAgent.exe 1612 C:\WINDOWS\system32\svchost.exe 1996 C:\Programme\TOSHIBA\TME3\TMESBS32.EXE 1032 C:\WINDOWS\explorer.exe 1628 C:\Programme\TOSHIBA\TME3\TMESRV31.EXE 2036 D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe 2192 D:\Programme\Logitech\iTouch\iTouch.exe 2408 D:\Programme\Spybot - Search & Destroy\TeaTimer.exe 2520 D:\Programme\Launchy\Launchy.exe 2552 D:\Programme\Trillian4\trillian.exe 2580 C:\Programme\YCIII\YankClip.exe 3348 C:\WINDOWS\system32\wscntfy.exe 3960 unsecapp.exe 736 alg.exe 956 wmiprvse.exe 3836 C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe 1048 D:\PROGRA~1\MOBILE~1\bin\DESPROXY.exe 696 D:\PROGRA~1\MOBILE~1\bin\SPHONE~1.EXE 3572 D:\Programme\Mozilla Thunderbird\thunderbird.exe 3704 D:\Programme\Mozilla Firefox\firefox.exe 
3916 G:\Neu\MBRCheck.exe 2700 <unknown> \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000001`40251800 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000004`64ab6a00 (NTFS) \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000016`49b46a00 (NTFS) \\.\G: --> \\.\PhysicalDrive0 at offset 0x00000014`693ec200 (NTFS) \\.\H: --> \\.\PhysicalDrive0 at offset 0x00000013`6953ae00 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHM100JC, Rev: YN100-08 Size Device Name MBR Status -------------------------------------------- 93 GB \\.\PhysicalDrive0 Windows 98 MBR code detected SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E Done! |
04.09.2010, 15:40 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | browser crashes on login Quote:
Please run MBRCheck.exe again. This time, type the following into the window and confirm each entry with Enter at
You will now find 2 MBRCheck_<date>_<time>.txt files on the desktop. Post the contents of both .txt documents
__________________ Please always post log files in CODE tags |
11.09.2010, 09:53 | #15 |
| browser crashes on login Hello, at the end I do not get the question asking whether I want to set further options:
Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
Done! Press ENTER to exit... |