browser stuerzt ab bei login

doenerpoldi · 19.08.2010, 18:52

Hallo,

Ich sehe newdotnet in den Details, aber der Scanner von Symantec meldet, dass nichts gefunden wurde.

Sobald ich im Browser auf einer Seite anmelden klicke, stürzt der Browser ab. Browser ist ff

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:56:31, on 19.08.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe

C:\Programme\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\TOSHIBA\TME3\Tmesbs32.exe

C:\Programme\TOSHIBA\TME3\Tmesrv31.exe

D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

D:\Programme\Logitech\iTouch\iTouch.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programme\Spybot - Search & Destroy\TeaTimer.exe

D:\Programme\Launchy\Launchy.exe

D:\Programme\Trillian4\trillian.exe

C:\Programme\YCIII\YankClip.exe

C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe

C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe

D:\Programme\MusicMonster\MusicMonster.exe

D:\PROGRA~1\MOBILE~1\bin\DESProxy.exe

D:\PROGRA~1\MOBILE~1\bin\SPHONE~1.EXE

G:\Neu\HiJackThis204.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Trillian.lnk = D:\Programme\Trillian4\trillian.exe

O4 - Startup: Yankee Clipper III.lnk = C:\Programme\YCIII\YankClip.exe

O4 - Global Startup: Launchy.lnk = D:\Programme\Launchy\Launchy.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144869912557

O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - I:\CDS300\__CDS2.dll (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AAV UpdateService - Unknown owner - D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Programme\TOSHIBA\TME3\Tmesbs32.exe

O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Programme\TOSHIBA\TME3\Tmesrv31.exe

O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - D:\Programme\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe

O23 - Service: McAfee Wireless Security Network Manager Service (WSCNetManager) - McAfee, Inc. - D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe



--

End of file - 6165 bytes

--- --- ---

cosinus · 19.08.2010, 19:42

Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

doenerpoldi · 21.08.2010, 10:14

Malwarebytes-Log: (OTL folgt)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4450

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20.08.2010 05:48:15
mbam-log-2010-08-20 (05-48-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 245648
Laufzeit: 49 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{B2DC5DFA-9486-4AB5-A579-D7FB9302C752}\RP363\A0104363.exe (Trojan.Zbot) -> No action taken.
C:\System Volume Information\_restore{B2DC5DFA-9486-4AB5-A579-D7FB9302C752}\RP363\A0104364.exe (Trojan.Zbot) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9B6NEZLB\rehd[1].exe (Heuristics.Shuriken) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9B6NEZLB\rehf[1].exe (Heuristics.Shuriken) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9B6NEZLB\rehh[1].exe (Heuristics.Shuriken) -> No action taken.

cosinus · 22.08.2010, 18:15

Sry, aber was ist mit dem format da passiert? Poste die Logsfiles bitte ohne sinnfreie Zeilenumbrüche. Am besten Du packst die Logs in eine ZIP Datei und hängst diese hier an.

doenerpoldi · 26.08.2010, 21:05

Hallo,

weiß nicht, wie die Zeilenumbrüche reingekommen sind.

Anbei ein gezipptes File mit OTL.txt und Extras.txt

cosinus · 27.08.2010, 08:27

Ist rel. unauffällig. Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

doenerpoldi · 28.08.2010, 14:27

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-08-27.03 - xxxxx 28.08.2010  14:50:06.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1279.929 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxxxx\Desktop\cofi.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {806F00B3-FFA4-00D5-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-FFA4-00CA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {806EE0B3-FFA4-00D9-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {806EF0B3-FFA4-00CA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {806F00B3-FFA4-00CA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {806F00B3-FFA4-00DD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {BA07D3F9-FFA4-00CA-0D24-347CA8A3377C}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Udycse
c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Udycse\disuc.guo
c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Udycse\disuc.tmp
c:\dokumente und einstellungen\xxxxx\machineconstant2351.dll
c:\dokumente und einstellungen\xxxxx\machineconstant9017.dll
c:\dokumente und einstellungen\xxxxx\machineconstant9037.dll
C:\extensions.exe
c:\extensions.exe\config.bin
c:\extensions.exe\extensions.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\zip32.dll

Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-28 bis 2010-08-28  ))))))))))))))))))))))))))))))
.

2010-08-22 16:41 . 2010-01-11 07:57	1643888	----a-w-	c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
2010-08-19 21:34 . 2010-08-19 21:34	--------	d-----w-	c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Malwarebytes
2010-08-19 21:34 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 21:34 . 2010-08-19 21:34	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-19 21:34 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-17 01:19 . 2010-07-12 08:55	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-08-16 19:24 . 2010-08-16 19:24	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-08-16 19:24 . 2010-07-12 08:55	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-08-16 19:24 . 2010-08-16 19:24	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-08-16 19:16 . 2010-08-16 19:16	--------	d-----w-	c:\dokumente und einstellungen\xxxxx\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
2010-08-16 19:02 . 2010-07-12 08:56	2979280	-c--a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-08-16 19:02 . 2010-08-16 19:02	--------	dc-h--w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-16 18:59 . 2010-08-16 18:59	--------	d-----w-	c:\programme\Lavasoft
2010-08-16 17:59 . 2009-06-30 07:37	28552	----a-w-	c:\windows\system32\drivers\pavboot.sys
2010-08-16 17:57 . 2010-08-16 17:57	--------	d-----w-	c:\programme\Panda Security
2010-08-15 16:20 . 2010-08-15 16:20	6884	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AAV\SSE\15\UpdateFiles\SSEStandard_Patch_15.12.bat
2010-08-15 16:20 . 2010-08-15 16:20	20776	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AAV\SSE\15\UpdateFiles\ApplyMsp.exe
2010-08-15 16:20 . 2010-08-15 16:20	18728	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AAV\SSE\15\UpdateFiles\RepairVLH2010.exe
2010-08-13 22:19 . 2010-08-13 22:19	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-08-13 22:19 . 2010-08-13 22:19	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\AdobeUM
2010-08-13 22:18 . 2010-08-13 22:18	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Eigene Dateien
2010-08-01 13:33 . 2010-08-01 13:33	--------	d-s---w-	c:\dokumente und einstellungen\NetworkService\UserData

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 10:12 . 2006-04-12 20:22	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\WSC Guard
2010-08-21 10:34 . 2006-04-07 13:33	--------	d-----w-	c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Skype
2010-08-16 18:39 . 2008-08-23 17:07	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-08-08 18:31 . 2010-03-21 12:35	--------	d-----w-	c:\programme\PokerStars
2010-07-28 17:26 . 2010-07-28 17:25	--------	d-----w-	c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Trillian
2010-07-25 18:03 . 2009-08-25 16:40	--------	d-----w-	c:\programme\LowRateVoip
2010-07-02 17:36 . 2007-08-31 18:58	--------	d-----w-	c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Launchy
2010-06-14 14:31 . 2008-11-06 13:02	744448	----a-w-	c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"zBrowser Launcher"="d:\programme\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

c:\dokumente und einstellungen\xxxxx\Startmen\Programme\Autostart\
Trillian.lnk - d:\programme\Trillian4\trillian.exe [2010-8-23 2068832]
Yankee Clipper III.lnk - c:\programme\YCIII\YankClip.exe [2007-11-1 1368064]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Launchy.lnk - d:\programme\Launchy\Launchy.exe [2008-2-9 274432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_winadm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50	155648	-c--a-w-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Siemens SmartSync - ScheduleSync]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-05-03 00:56	36975	----a-w-	d:\programme\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 07:33	892928	-c--a-w-	c:\programme\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"Tomcat5"=3 (0x3)
"TapiSrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"PolicyAgent"=2 (0x2)
"mnmsrvc"=3 (0x3)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="d:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"=c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\LowRateVoip\\LowRateVoip.exe"=
"d:\\Programme\\Trillian4\\trillian.exe"=
"d:\\Programme\\Skype\\Phone\\Skype.exe"=
"d:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"d:\\Programme\\SopCast\\SopCast.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [26.03.2006 13:46 14848]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.08.2010 21:24 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16.08.2010 19:59 28552]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [26.03.2006 13:46 34304]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [03.03.2003 16:32 5760]
R2 AAV UpdateService;AAV UpdateService;d:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 17:35 128296]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [12.07.2010 10:55 1355416]
R2 Tmesbs;Tmesbs32;c:\programme\TOSHIBA\TME3\TMESBS32.EXE [03.03.2003 16:32 65536]
R2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.EXE [03.03.2003 16:32 110592]
R2 WSCNetManager;McAfee Wireless Security Network Manager Service;d:\programme\McAfee Wireless Security\WscNetMgrSvc.exe [19.09.2005 15:44 1282130]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [09.07.2008 22:23 42880]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programme\Lavasoft\Ad-Aware\kernexplorer.sys [16.08.2010 21:24 15008]
S1 SASKUTIL;SASKUTIL;\??\d:\programme\SUPERAntiSpyware\SASKUTIL.sys --> d:\programme\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\programme\Google\Update\GoogleUpdate.exe" /svc --> c:\programme\Google\Update\GoogleUpdate.exe [?]
S3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [05.12.2006 17:11 117376]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [15.04.2006 12:55 16512]
S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [06.11.2008 15:00 15104]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;\??\c:\windows\System32\drivers\PDNMp50.sys --> c:\windows\System32\drivers\PDNMp50.sys [?]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;\??\c:\windows\System32\drivers\PDNSp50.sys --> c:\windows\System32\drivers\PDNSp50.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [14.05.2008 21:33 215040]
S3 Tomcat5;Apache Tomcat;d:\programme\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe [24.11.2004 18:46 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-08-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 19:24]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - 
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\programme\Gemeinsame Dateien\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: d:\programme\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: d:\programme\Java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-extensions.exe - c:\extensions.exe\extensions.exe
HKU-Default-Run-extensions.exe - c:\extensions.exe\extensions.exe
MSConfigStartUp-Skype - d:\programme\Skype\Skype.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-28 15:17
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 


c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\user.js.BAK 326 bytes
c:\dokumente und einstellungen\xxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l636ju48.default\prefs.js.BAK 26050 bytes

Scan erfolgreich abgeschlossen
versteckte Dateien: 2

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3456)
d:\programme\Logitech\iTouch\iTchHk.dll
c:\programme\Gemeinsame Dateien\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
c:\programme\AntiVir PersonalEdition Classic\sched.exe
c:\programme\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\System32\nvsvc32.exe
c:\programme\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\programme\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-28  15:23:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-28 13:22

Vor Suchlauf: 428.331.008 Bytes frei
Nach Suchlauf: 326.755.840 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - FD43E801824276CB6658CF56296F992E

--- --- ---

cosinus · 28.08.2010, 18:27

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

doenerpoldi · 29.08.2010, 12:47

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-29 13:39:15
Windows 5.1.2600 Service Pack 3
Running: eiwbp32k.exe; Driver: C:\DOKUME~1\xxxxx\LOKALE~1\Temp\kwddrfog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwConnectPort [0xB8663534]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwCreateFile [0xB865D782]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwCreateKey [0xB867C6DC]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwCreatePort [0xB8663CC0]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwCreateWaitablePort [0xB8663DF6]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwDeleteFile [0xB865E398]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwDeleteKey [0xB867DFE4]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwDeleteValueKey [0xB867D93C]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwLoadKey [0xB867E93C]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwLoadKey2 [0xB867EB44]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwOpenFile [0xB865DFAA]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwRenameKey [0xB867F8D2]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwReplaceKey [0xB867F208]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwRequestWaitReplyPort [0xB86630F4]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwRestoreKey [0xB86802A4]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwSetInformationFile [0xB865E75C]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwSetSecurityObject [0xB867FE12]
SSDT            \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                                        ZwSetValueKey [0xB867D0C4]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!_abnormal_termination + 1D4                                                                                                      804E2840 8 Bytes  JMP 6B92E0AC 

---- User code sections - GMER 1.0.15 ----

.text           D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] ntdll.dll!NtAccessCheckByType                                                     7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] ntdll.dll!NtImpersonateClientOfPort                                               7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] ntdll.dll!NtSetInformationProcess                                                 7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] kernel32.dll!OpenProcess                                                          7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] ADVAPI32.dll!ImpersonateNamedPipeClient                                           77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] ADVAPI32.dll!SetThreadToken                                                       77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] USER32.dll!FindWindowA                                                            7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] USER32.dll!FindWindowW                                                            7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtAccessCheckByType                                                                            7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtImpersonateClientOfPort                                                                      7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtSetInformationProcess                                                                        7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!OpenProcess                                                                                 7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                  77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!SetThreadToken                                                                              77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[440] USER32.dll!FindWindowA                                                                                   7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[440] USER32.dll!FindWindowW                                                                                   7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtAccessCheckByType                                                                            7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtImpersonateClientOfPort                                                                      7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtSetInformationProcess                                                                        7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!OpenProcess                                                                                 7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                  77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!SetThreadToken                                                                              77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[568] USER32.dll!FindWindowA                                                                                   7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[568] USER32.dll!FindWindowW                                                                                   7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[608] ntdll.dll!NtAccessCheckByType                                                                            7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[608] ntdll.dll!NtImpersonateClientOfPort                                                                      7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[608] ntdll.dll!NtSetInformationProcess                                                                        7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[608] kernel32.dll!OpenProcess                                                                                 7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[608] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                  77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[608] ADVAPI32.dll!SetThreadToken                                                                              77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[608] USER32.dll!FindWindowA                                                                                   7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[608] USER32.dll!FindWindowW                                                                                   7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[680] ntdll.dll!NtAccessCheckByType                                                                            7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[680] ntdll.dll!NtImpersonateClientOfPort                                                                      7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[680] ntdll.dll!NtSetInformationProcess                                                                        7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[680] kernel32.dll!OpenProcess                                                                                 7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                  77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[680] ADVAPI32.dll!SetThreadToken                                                                              77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[680] USER32.dll!FindWindowA                                                                                   7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[680] USER32.dll!FindWindowW                                                                                   7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtAccessCheckByType                                                                            7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtImpersonateClientOfPort                                                                      7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtSetInformationProcess                                                                        7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!OpenProcess                                                                                 7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                  77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!SetThreadToken                                                                              77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[756] USER32.dll!FindWindowA                                                                                   7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\svchost.exe[756] USER32.dll!FindWindowW                                                                                   7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[832] kernel32.dll!OpenProcess                                                                 7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[832] USER32.dll!DefDlgProcW + 56E                                                             7E3742A8 5 Bytes  JMP 20C79270 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtAccessCheckByType                                                                           7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtImpersonateClientOfPort                                                                     7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtSetInformationProcess                                                                       7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!OpenProcess                                                                                7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\spoolsv.exe[1092] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                 77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\spoolsv.exe[1092] ADVAPI32.dll!SetThreadToken                                                                             77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\spoolsv.exe[1092] USER32.dll!FindWindowA                                                                                  7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\spoolsv.exe[1092] USER32.dll!FindWindowW                                                                                  7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtAccessCheckByType                                                                           7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtImpersonateClientOfPort                                                                     7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtSetInformationProcess                                                                       7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!OpenProcess                                                                                7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                 77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!SetThreadToken                                                                             77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!FindWindowA                                                                                  7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!FindWindowW                                                                                  7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] ntdll.dll!NtAccessCheckByType                                   7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] ntdll.dll!NtImpersonateClientOfPort                             7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] ntdll.dll!NtSetInformationProcess                               7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] kernel32.dll!OpenProcess                                        7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] ADVAPI32.dll!ImpersonateNamedPipeClient                         77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] ADVAPI32.dll!SetThreadToken                                     77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] USER32.dll!FindWindowA                                          7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] USER32.dll!FindWindowW                                          7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] ntdll.dll!NtAccessCheckByType                                            7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] ntdll.dll!NtImpersonateClientOfPort                                      7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] ntdll.dll!NtSetInformationProcess                                        7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] kernel32.dll!OpenProcess                                                 7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] ADVAPI32.dll!ImpersonateNamedPipeClient                                  77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] ADVAPI32.dll!SetThreadToken                                              77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] USER32.dll!FindWindowA                                                   7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] USER32.dll!FindWindowW                                                   7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\nvsvc32.exe[1524] ntdll.dll!NtAccessCheckByType                                                                           7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\nvsvc32.exe[1524] ntdll.dll!NtImpersonateClientOfPort                                                                     7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\nvsvc32.exe[1524] ntdll.dll!NtSetInformationProcess                                                                       7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\nvsvc32.exe[1524] kernel32.dll!OpenProcess                                                                                7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\nvsvc32.exe[1524] USER32.dll!FindWindowA                                                                                  7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\nvsvc32.exe[1524] USER32.dll!FindWindowW                                                                                  7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\nvsvc32.exe[1524] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                 77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\nvsvc32.exe[1524] ADVAPI32.dll!SetThreadToken                                                                             77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] ntdll.dll!NtAccessCheckByType                                                          7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] ntdll.dll!NtImpersonateClientOfPort                                                    7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] ntdll.dll!NtSetInformationProcess                                                      7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] kernel32.dll!OpenProcess                                                               7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] ADVAPI32.dll!ImpersonateNamedPipeClient                                                77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] ADVAPI32.dll!SetThreadToken                                                            77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] USER32.dll!FindWindowA                                                                 7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] USER32.dll!FindWindowW                                                                 7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1776] ntdll.dll!NtAccessCheckByType                                                                           7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1776] ntdll.dll!NtImpersonateClientOfPort                                                                     7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1776] ntdll.dll!NtSetInformationProcess                                                                       7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1776] kernel32.dll!OpenProcess                                                                                7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                 77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1776] ADVAPI32.dll!SetThreadToken                                                                             77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1776] USER32.dll!FindWindowA                                                                                  7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[1776] USER32.dll!FindWindowW                                                                                  7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\winlogon.exe[1840] ntdll.dll!NtAccessCheckByType                                                                          7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\winlogon.exe[1840] ntdll.dll!NtImpersonateClientOfPort                                                                    7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\winlogon.exe[1840] ntdll.dll!NtSetInformationProcess                                                                      7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\winlogon.exe[1840] kernel32.dll!OpenProcess                                                                               7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\winlogon.exe[1840] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\winlogon.exe[1840] ADVAPI32.dll!SetThreadToken                                                                            77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\winlogon.exe[1840] USER32.dll!FindWindowA                                                                                 7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\winlogon.exe[1840] USER32.dll!FindWindowW                                                                                 7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] ntdll.dll!NtAccessCheckByType                                                                    7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] ntdll.dll!NtImpersonateClientOfPort                                                              7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] ntdll.dll!NtSetInformationProcess                                                                7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] kernel32.dll!OpenProcess                                                                         7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] USER32.dll!FindWindowA                                                                           7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] USER32.dll!FindWindowW                                                                           7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] ADVAPI32.dll!ImpersonateNamedPipeClient                                                          77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] ADVAPI32.dll!SetThreadToken                                                                      77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] ntdll.dll!NtAccessCheckByType                                                                    7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] ntdll.dll!NtImpersonateClientOfPort                                                              7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] ntdll.dll!NtSetInformationProcess                                                                7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] kernel32.dll!OpenProcess                                                                         7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] USER32.dll!FindWindowA                                                                           7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] USER32.dll!FindWindowW                                                                           7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] ADVAPI32.dll!ImpersonateNamedPipeClient                                                          77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] ADVAPI32.dll!SetThreadToken                                                                      77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\services.exe[1952] ntdll.dll!NtAccessCheckByType                                                                          7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\services.exe[1952] ntdll.dll!NtImpersonateClientOfPort                                                                    7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\services.exe[1952] ntdll.dll!NtSetInformationProcess                                                                      7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\services.exe[1952] kernel32.dll!OpenProcess                                                                               7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\services.exe[1952] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\services.exe[1952] ADVAPI32.dll!SetThreadToken                                                                            77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\services.exe[1952] USER32.dll!FindWindowA                                                                                 7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\services.exe[1952] USER32.dll!FindWindowW                                                                                 7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\lsass.exe[1964] ntdll.dll!NtAccessCheckByType                                                                             7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\lsass.exe[1964] ntdll.dll!NtImpersonateClientOfPort                                                                       7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\lsass.exe[1964] ntdll.dll!NtSetInformationProcess                                                                         7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\lsass.exe[1964] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                   77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\lsass.exe[1964] ADVAPI32.dll!SetThreadToken                                                                               77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\lsass.exe[1964] USER32.dll!FindWindowA                                                                                    7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\lsass.exe[1964] USER32.dll!FindWindowW                                                                                    7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\Explorer.EXE[2468] ntdll.dll!NtAccessCheckByType                                                                                   7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\Explorer.EXE[2468] ntdll.dll!NtImpersonateClientOfPort                                                                             7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\Explorer.EXE[2468] ntdll.dll!NtSetInformationProcess                                                                               7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\Explorer.EXE[2468] kernel32.dll!OpenProcess                                                                                        7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\Explorer.EXE[2468] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                         77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\Explorer.EXE[2468] ADVAPI32.dll!SetThreadToken                                                                                     77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\Explorer.EXE[2468] USER32.dll!FindWindowA                                                                                          7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\Explorer.EXE[2468] USER32.dll!FindWindowW                                                                                          7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\wscntfy.exe[2888] ntdll.dll!NtAccessCheckByType                                                                           7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\wscntfy.exe[2888] ntdll.dll!NtImpersonateClientOfPort                                                                     7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\wscntfy.exe[2888] ntdll.dll!NtSetInformationProcess                                                                       7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\wscntfy.exe[2888] kernel32.dll!OpenProcess                                                                                7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\wscntfy.exe[2888] USER32.dll!FindWindowA                                                                                  7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\wscntfy.exe[2888] USER32.dll!FindWindowW                                                                                  7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\wscntfy.exe[2888] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                 77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\system32\wscntfy.exe[2888] ADVAPI32.dll!SetThreadToken                                                                             77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[3132] ntdll.dll!NtAccessCheckByType                                                                           7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[3132] ntdll.dll!NtImpersonateClientOfPort                                                                     7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[3132] ntdll.dll!NtSetInformationProcess                                                                       7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[3132] kernel32.dll!OpenProcess                                                                                7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[3132] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                 77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[3132] ADVAPI32.dll!SetThreadToken                                                                             77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[3132] USER32.dll!FindWindowA                                                                                  7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\svchost.exe[3132] USER32.dll!FindWindowW                                                                                  7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Logitech\iTouch\iTouch.exe[3176] ntdll.dll!NtAccessCheckByType                                                                   7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Logitech\iTouch\iTouch.exe[3176] ntdll.dll!NtImpersonateClientOfPort                                                             7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Logitech\iTouch\iTouch.exe[3176] ntdll.dll!NtSetInformationProcess                                                               7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Logitech\iTouch\iTouch.exe[3176] kernel32.dll!OpenProcess                                                                        7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Logitech\iTouch\iTouch.exe[3176] ADVAPI32.dll!ImpersonateNamedPipeClient                                                         77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Logitech\iTouch\iTouch.exe[3176] ADVAPI32.dll!SetThreadToken                                                                     77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Logitech\iTouch\iTouch.exe[3176] USER32.dll!FindWindowA                                                                          7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Logitech\iTouch\iTouch.exe[3176] USER32.dll!FindWindowW                                                                          7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Mozilla Firefox\firefox.exe[3260] ntdll.dll!NtAccessCheckByType                                                                  7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Mozilla Firefox\firefox.exe[3260] ntdll.dll!NtImpersonateClientOfPort                                                            7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Mozilla Firefox\firefox.exe[3260] ntdll.dll!NtSetInformationProcess                                                              7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Mozilla Firefox\firefox.exe[3260] kernel32.dll!OpenProcess                                                                       7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Mozilla Firefox\firefox.exe[3260] ADVAPI32.dll!ImpersonateNamedPipeClient                                                        77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Mozilla Firefox\firefox.exe[3260] ADVAPI32.dll!SetThreadToken                                                                    77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Mozilla Firefox\firefox.exe[3260] USER32.dll!FindWindowA                                                                         7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           D:\Programme\Mozilla Firefox\firefox.exe[3260] USER32.dll!FindWindowW                                                                         7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           G:\Neu\eiwbp32k.exe[3288] ntdll.dll!NtAccessCheckByType                                                                                       7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           G:\Neu\eiwbp32k.exe[3288] ntdll.dll!NtImpersonateClientOfPort                                                                                 7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           G:\Neu\eiwbp32k.exe[3288] ntdll.dll!NtSetInformationProcess                                                                                   7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           G:\Neu\eiwbp32k.exe[3288] kernel32.dll!OpenProcess                                                                                            7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           G:\Neu\eiwbp32k.exe[3288] USER32.dll!FindWindowA                                                                                              7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           G:\Neu\eiwbp32k.exe[3288] USER32.dll!FindWindowW                                                                                              7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           G:\Neu\eiwbp32k.exe[3288] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                             77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           G:\Neu\eiwbp32k.exe[3288] ADVAPI32.dll!SetThreadToken                                                                                         77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\alg.exe[3768] ntdll.dll!NtAccessCheckByType                                                                               7C91CE8E 5 Bytes  JMP 20C78791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\alg.exe[3768] ntdll.dll!NtImpersonateClientOfPort                                                                         7C91D3FE 5 Bytes  JMP 20C78D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\alg.exe[3768] ntdll.dll!NtSetInformationProcess                                                                           7C91DC9E 5 Bytes  JMP 20C789AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\alg.exe[3768] kernel32.dll!OpenProcess                                                                                    7C8309E9 5 Bytes  JMP 20C7846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\alg.exe[3768] USER32.dll!FindWindowA                                                                                      7E3782E1 5 Bytes  JMP 20C7828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\alg.exe[3768] USER32.dll!FindWindowW                                                                                      7E37C9C3 5 Bytes  JMP 20C7825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\alg.exe[3768] ADVAPI32.dll!ImpersonateNamedPipeClient                                                                     77DA7426 5 Bytes  JMP 20C78E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text           C:\WINDOWS\System32\alg.exe[3768] ADVAPI32.dll!SetThreadToken                                                                                 77DAF193 5 Bytes  JMP 20C79036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                                                      [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                                           [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                                          [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                    [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                      [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                                                        [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                                             [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                                                            [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                                                       [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                                                     [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                                           [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                                            [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                                             [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                                              [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                                                         [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                      [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                                                        [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                                             [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                                            [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile]                                                                               [B86463C4] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter]                                                                               [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol]                                                                          [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter]                                                                              [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                        [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                                                       [B8668672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                     [B8666C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                                           [B8668CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                                            [B86684C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile]                                                                       [B865F2AA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile]                                                                               [B865F60C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile]                                                                               [B865ED40] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile]                                                                                 [B865F41C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe[364] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                    [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\system32\svchost.exe[440] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                           [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\system32\svchost.exe[568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                           [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                           [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\System32\svchost.exe[680] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                           [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\system32\svchost.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                           [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\system32\spoolsv.exe[1092] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                          [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\System32\svchost.exe[1232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                          [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[1372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]           [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\System32\nvsvc32.exe[1524] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                          [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[1656] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                         [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\System32\svchost.exe[1776] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                          [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\system32\winlogon.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                         [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                   [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[1924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                   [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\system32\services.exe[1952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                         [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\system32\lsass.exe[1964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                            [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\Explorer.EXE[2468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                                  [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\system32\wscntfy.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                          [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\System32\svchost.exe[3132] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                          [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             D:\Programme\Logitech\iTouch\iTouch.exe[3176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                  [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             D:\Programme\Mozilla Firefox\firefox.exe[3260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                 [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             G:\Neu\eiwbp32k.exe[3288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                                      [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT             C:\WINDOWS\System32\alg.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                              [20C7835C] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                        avgntmgr.sys (Avira Antivir File Filter Driver Manager/AVIRA GmbH)

Device          \Driver\Tcpip \Device\Ip                                                                                                                      vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device          \Driver\Tcpip \Device\Tcp                                                                                                                     vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                     Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                        snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                        snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                                        snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4                                                                                                        snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4                                                                                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5                                                                                                        snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5                                                                                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6                                                                                                        snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6                                                                                                        timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Driver\Tcpip \Device\Udp                                                                                                                     vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device          \Driver\Tcpip \Device\RawIp                                                                                                                   vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                                                             vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.15 ----

--- --- ---

doenerpoldi · 29.08.2010, 13:19

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:17:12 on 29.08.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"AdobeGamma" - ? - %CommonFiles%\Adobe\Callibration\Adobe Gamma.cpl  (File not found)
"Avira AntiVir PersonalEdition Classic Konfiguration" - "Avira GmbH" - C:\PROGRA~1\ANTIVI~1\avconfig.cpl
"SMAX3CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax3CP.cpl
"ToshSrv" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Controls\ToshSrv.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys
"Advanced SCSI Programming Interface Driver" (ASPI) - "Adaptec" - C:\WINDOWS\System32\DRIVERS\ASPI32.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"avgntdd" (avgntdd) - "AVIRA GmbH" - C:\WINDOWS\System32\DRIVERS\avgntdd.sys
"avgntmgr" (avgntmgr) - "AVIRA GmbH" - C:\WINDOWS\System32\drivers\avgntmgr.sys
"Bluetooth ACPI from TOSHIBA" (tosrfec) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosrfec.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Cinergy T USB XE service" (AF05BDA) - "AfaTech                  " - C:\WINDOWS\System32\DRIVERS\AF05BDA.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys  (File found, but it contains no detailed information)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"pavboot" (pavboot) - "Panda Security, S.L." - C:\WINDOWS\System32\drivers\pavboot.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - ? - C:\WINDOWS\System32\drivers\PDNMp50.sys  (File not found)
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - ? - C:\WINDOWS\System32\drivers\PDNSp50.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SASKUTIL" (SASKUTIL) - ? - D:\Programme\SUPERAntiSpyware\SASKUTIL.sys  (File not found)
"Sound2x Audio Cable (WDM)" (EuMusDesignVirtualAudioCableWdm_s2x) - "Eugene V. Muzychenko" - C:\WINDOWS\System32\DRIVERS\vacs2xkd.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"TMEI3E" (TMEI3E) - "Toshiba Corporation" - C:\WINDOWS\System32\Drivers\TMEI3E.SYS
"Toshiba ACPI-Based Value Added Logical Device Driver" (TVALD) - "Toshiba Corporation" - C:\WINDOWS\System32\DRIVERS\TVALD.SYS
"TOSHIBA SD Card Host Controller Driver" (tsdhd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tsdhd.sys
"Toshiba Value Added Logical and General Purpose Device Driver" (TVALG) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\TVALG.SYS
"vsdatant" (vsdatant) - "Check Point Software Technologies LTD" - C:\WINDOWS\System32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WSC Filter Miniport" (WscNetDr) - "Wireless Security Corporation" - C:\WINDOWS\System32\DRIVERS\WscNetDr.sys
"ZoneAlarm Toolbar ISWKL" (ISWKL) - "Check Point Software Technologies" - C:\Programme\CheckPoint\ZAForceField\ISWKL.sys

[Explorer]
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - D:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - D:\Programme\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - D:\Programme\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\OFFICE11\msohev.dll
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - "Siemens AG" - D:\Programme\Mobile Phone Manager\DES\DESShellExt.dll
{ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - "Siemens AG" - D:\Programme\Mobile Phone Manager\DES\DESShellExt.dll
{ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device PropertySheetHandler" - "Siemens AG" - D:\Programme\Mobile Phone Manager\DES\DESShellExt.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ZoneAlarm Security Engine" - "Check Point Software Technologies" - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
<binary data> "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A} "CCTVUpdateInstall" - ? - C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll / hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -   (File not found | COM-object registry key not found) / 
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_07" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_07\bin\npjpi150_07.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.5.0_07" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_07\bin\npjpi150_07.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_07" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_07\bin\npjpi150_07.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{182EC0BE-5110-49C8-A062-BEB1D02A220B} "Adobe PDF" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} "ClsidExtension" - "Microsoft Corporation" - C:\WINDOWS\System32\msjava.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} "ZoneAlarm Security Engine" - "Check Point Software Technologies" - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - D:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_07\bin\ssv.dll
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} "ZoneAlarm Security Engine Registrar" - "Check Point Software Technologies" - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm-Sicherheit\tbZon1.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - C:\WINDOWS\system32\relog_ap.dll

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ISW" - "Check Point Software Technologies" - "C:\Programme\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
"zBrowser Launcher" - "Logitech Inc." - D:\Programme\Logitech\iTouch\iTouch.exe
"ZoneAlarm Client" - "Check Point Software Technologies LTD" - "D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\System32\AdobePDF.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINDOWS\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AAV UpdateService" (AAV UpdateService) - ? - D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"AntiVir PersonalEdition Classic Guard" (AntiVirService) - "AVIRA GmbH" - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
"AntiVir PersonalEdition Classic Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
"Apache Tomcat" (Tomcat5) - "Apache Software Foundation" - D:\Programme\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Update Service (gupdate)" (gupdate) - ? - "C:\Programme\Google\Update\GoogleUpdate.exe" /svc  (File not found)
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
"McAfee Wireless Security Network Manager Service" (WSCNetManager) - "McAfee, Inc." - D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe
"O&O Defrag 2000" (OOD2000) - "O&O Software GmbH" - C:\WINDOWS\system32\OOD2000.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
"Tmesbs32" (Tmesbs) - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TME3\Tmesbs32.exe
"Tmesrv3" (Tmesrv) - "TOSHIBA" - C:\Programme\TOSHIBA\TME3\Tmesrv31.exe
"TrueVector Internet Monitor" (vsmon) - "Check Point Software Technologies LTD" - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"ZoneAlarm Toolbar IswSvc" (IswSvc) - "Check Point Software Technologies" - C:\Programme\CheckPoint\ZAForceField\IswSvc.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

doenerpoldi · 29.08.2010, 13:22

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 99ed1954602173ef14b43a708afaa354

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;

cosinus · 29.08.2010, 20:08

Würdest Du bitte mal ZoneAlarm deinstallieren? Das Teil ist sinnfrei und kontraproduktiv. Nutze lieber die Windows-Firewall.

Downloade Dir danach MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

doenerpoldi · 04.09.2010, 10:16

Zonealarm deinstalliert. Windows Firewall aktiviert.

Welche Tools sollte man denn unbedingt installiert haben? Reichen die Windows-Tools denn?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 137):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A7000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7596000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF74D8000 pcmcia.sys
0xF7627000 MountMgr.sys
0xF74B9000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7717000 pavboot.sys
0xF7637000 VolSnap.sys
0xF74A1000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7481000 fltmgr.sys
0xF746F000 sr.sys
0xF7667000 Lbd.sys
0xF7677000 avgntmgr.sys
0xF771F000 PxHelp20.sys
0xF7860000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7833000 NDIS.sys
0xF7AF3000 timntr.sys
0xF798D000 TVALG.SYS
0xF798F000 TVALD.SYS
0xF796C000 snapman.sys
0xF7952000 Mup.sys
0xF7687000 agp440.sys
0xB98C7000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xB98B3000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF778F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB988F000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7797000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB97ED000 \SystemRoot\System32\DRIVERS\w70n51.sys
0xF779F000 \SystemRoot\System32\DRIVERS\tsdhd.sys
0xF741F000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xBA778000 \SystemRoot\System32\DRIVERS\itchfltr.sys
0xF77A7000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xB97D5000 \SystemRoot\System32\DRIVERS\Apfiltr.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF740F000 \SystemRoot\System32\DRIVERS\smcirda.sys
0xBA770000 \SystemRoot\System32\DRIVERS\irenum.sys
0xB97C1000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7887000 \SystemRoot\System32\DRIVERS\serial.sys
0xF77B7000 \SystemRoot\system32\drivers\actser.sys
0xBA768000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF7877000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA159000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB9776000 \SystemRoot\System32\DRIVERS\ks.sys
0xB96F7000 \SystemRoot\system32\drivers\smwdm.sys
0xB96D3000 \SystemRoot\system32\drivers\portcls.sys
0xBA149000 \SystemRoot\system32\drivers\drmk.sys
0xB96BB000 \SystemRoot\system32\drivers\aeaudio.sys
0xB95F5000 \SystemRoot\System32\DRIVERS\LTSM.sys
0xF77BF000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA75C000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xBA139000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xBA129000 \SystemRoot\System32\DRIVERS\vacs2xkd.sys
0xF7A77000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF77C7000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF77CF000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xBA119000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA754000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB95DE000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA109000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA0F9000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB95CD000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA0E9000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF77D7000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF77DF000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB954D000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA0D9000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF799D000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9427000 \SystemRoot\System32\DRIVERS\update.sys
0xBA73C000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB9413000 \SystemRoot\System32\DRIVERS\WscNetDr.sys
0xBA0C9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76C7000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79A5000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF76F7000 \SystemRoot\SYSTEM32\DRIVERS\avgntdd.sys
0xF79A9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7AA2000 \SystemRoot\System32\Drivers\Null.SYS
0xF79AB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77FF000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF7807000 \SystemRoot\System32\drivers\vga.sys
0xF79AD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79AF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF780F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7817000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA780000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB83B8000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB835F000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB8337000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB8315000 \SystemRoot\System32\drivers\afd.sys
0xF7586000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF781F000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xF79B1000 \SystemRoot\System32\Drivers\TMEI3E.SYS
0xB7856000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF7526000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB97A1000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF7516000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xB782B000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB77BB000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7506000 \SystemRoot\System32\Drivers\Fips.SYS
0xB9549000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB9505000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB3F5B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79E1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA71C000 \SystemRoot\System32\drivers\Dxapi.sys
0xB9585000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB7727000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xF77EF000 \SystemRoot\System32\DRIVERS\tifsfilt.sys
0xB18E4000 \SystemRoot\System32\DRIVERS\irda.sys
0xB1A2E000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB174F000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF79C7000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF77F7000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xB15E0000 \SystemRoot\System32\DRIVERS\srv.sys
0xB13EB000 \SystemRoot\system32\drivers\wdmaud.sys
0xB15B0000 \SystemRoot\system32\drivers\sysaudio.sys
0xB0ED4000 \SystemRoot\System32\Drivers\HTTP.sys
0xB0CD0000 \??\C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 42):
0 System Idle Process
4 System
1172 C:\WINDOWS\system32\smss.exe
1780 csrss.exe
1804 C:\WINDOWS\system32\winlogon.exe
1896 C:\WINDOWS\system32\services.exe
1908 C:\WINDOWS\system32\lsass.exe
380 C:\WINDOWS\system32\svchost.exe
504 svchost.exe
540 C:\WINDOWS\system32\svchost.exe
588 svchost.exe
680 svchost.exe
1068 C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
268 C:\WINDOWS\system32\spoolsv.exe
1316 svchost.exe
1348 D:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
1360 C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
1388 C:\Programme\AntiVir PersonalEdition Classic\sched.exe
1408 C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
1496 C:\WINDOWS\system32\nvsvc32.exe
1568 C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
1612 C:\WINDOWS\system32\svchost.exe
1996 C:\Programme\TOSHIBA\TME3\TMESBS32.EXE
1032 C:\WINDOWS\explorer.exe
1628 C:\Programme\TOSHIBA\TME3\TMESRV31.EXE
2036 D:\Programme\McAfee Wireless Security\WscNetMgrSvc.exe
2192 D:\Programme\Logitech\iTouch\iTouch.exe
2408 D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
2520 D:\Programme\Launchy\Launchy.exe
2552 D:\Programme\Trillian4\trillian.exe
2580 C:\Programme\YCIII\YankClip.exe
3348 C:\WINDOWS\system32\wscntfy.exe
3960 unsecapp.exe
736 alg.exe
956 wmiprvse.exe
3836 C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
1048 D:\PROGRA~1\MOBILE~1\bin\DESPROXY.exe
696 D:\PROGRA~1\MOBILE~1\bin\SPHONE~1.EXE
3572 D:\Programme\Mozilla Thunderbird\thunderbird.exe
3704 D:\Programme\Mozilla Firefox\firefox.exe
3916 G:\Neu\MBRCheck.exe
2700 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000001`40251800 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000004`64ab6a00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000016`49b46a00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000014`693ec200 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000013`6953ae00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM100JC, Rev: YN100-08

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Done!

cosinus · 04.09.2010, 15:40

Zitat:

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Windows 98 MBR??

Starte bitte MBRCheck.exe erneut.
Diesmal tippe in das Fenster folgendes ein und bestätige jede Eingabe mit Enter
bei

Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
Enter your choice: 2
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Please select the MBR code to write to this drive: 1 (für XP)
Gib nun Yes ein und bestätige mit ENTER.
Starte den Rechner neu auf.

Nach dem Neustart starte bitte MBRCheck.exe erneut.
Nun findest Du 2 MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop.
Poste mir den Inhalt von beiden .txt Dokumenten

doenerpoldi · 11.09.2010, 09:53

Hallo,

am Ende erhalte ich die Frage nicht, ob ich weitere Optionen einstellen möchte:

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Done!
Press ENTER to exit...

22.08.2010, 18:15	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	browser stuerzt ab bei login Sry, aber was ist mit dem format da passiert? Poste die Logsfiles bitte ohne sinnfreie Zeilenumbrüche. Am besten Du packst die Logs in eine ZIP Datei und hängst diese hier an. __________________ Logfiles bitte immer in CODE-Tags posten

browser stuerzt ab bei login

Log-Analyse und Auswertung: browser stuerzt ab bei login