Log Analysis and Evaluation: Java virus JAVA/Stutter.E (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.06.2011, 22:52 | #1
Java virus JAVA/Stutter.E
Hello, and many thanks that this forum exists. The virus JAVA/Stutter.E has crept in; I have moved it to quarantine. How can I remove it properly and find out whether there are other viruses? The Control Panel no longer opens (white window, no response), and the Antivir icon in the taskbar no longer shows an open umbrella (only a closed umbrella), although it is active.
30.06.2011, 10:48 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Java virus JAVA/Stutter.E
Quote:
Please also run a full scan with Malwarebytes and post the log.
30.06.2011, 12:44 | #3
Java virus JAVA/Stutter.E
Here are the logs.
Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6985

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

30.06.2011 12:25:23
mbam-log-2011-06-30 (12-25-23).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 330521
Time elapsed: 1 hour(s), 17 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\***\***\alt\***\programme\mp3wandler\eac-0.99pb4.exe (Adware.Yabector) -> Quarantined and deleted successfully.
c:\Users\***\***\programme\mp3wandler\eac-0.99pb4.exe (Adware.Yabector) -> Quarantined and deleted successfully.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:38 on 29/06/2011 (D)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 29.06.2011 21:51:42 - Run 1 OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\***\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,62 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 71,51% Memory free 5,46 Gb Paging File | 4,78 Gb Available in Paging File | 87,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 64,41 Gb Total Space | 9,01 Gb Free Space | 13,99% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,36 Gb Free Space | 53,62% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.29 21:46:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.06.29 15:39:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.29 22:51:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.18 18:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2011.02.18 18:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe PRC - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2011.02.15 17:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- 
C:\Programme\CheckPoint\ZAForceField\ForceField.exe PRC - [2010.11.04 16:16:07 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2006.11.05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe ========== Modules (SafeList) ========== MOD - [2011.06.29 21:46:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2011.02.15 17:25:56 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll MOD - [2010.11.29 21:36:22 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll MOD - [2010.11.29 21:36:22 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.06.29 15:39:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- 
(AntiVirService) SRV - [2011.04.29 22:51:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 18:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2010.03.29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.06.29 15:39:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 15:39:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2010.05.15 17:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2010.05.14 22:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.02.08 20:05:32 | 000,030,680 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLAPMonM.SYS -- (DLAPMonM) DRV - [2007.02.08 20:05:32 | 000,013,624 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLADiagM.SYS -- (DLADiagM) DRV - [2007.02.08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007.02.08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.10.26 16:22:00 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2006.10.26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006.10.26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2006.10.26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006.10.26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006.10.26 16:21:28 | 000,033,592 | ---- | M] (Roxio) [File_System 
| System | Stopped] -- C:\Windows\System32\drivers\DLADHK_M.SYS -- (DLADHK_M) DRV - [2006.10.26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006.10.26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006.10.26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006.09.25 17:27:28 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser) DRV - [2006.09.25 17:27:28 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) DMT USB Composite Device driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.03.18 11:03:52 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DLADiag] C:\Windows\DLADiag.EXE (Roxio) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [WatcherBIN] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Users\***\***\PROGRA~1\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab (CanvasX Class) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/jordan.cab (JordanUploader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - 
C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility 
- File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.06.29 21:46:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.06.14 17:37:24 | 000,000,000 | --SD | C] -- C:\Users\***\Documents\Eigene Datenquellen [2011.06.14 17:35:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SunODFPluginforMicrosoftOffice [2011.01.06 21:24:22 | 006,331,338 | ---- | C] (G DATA Software AG) -- C:\Program Files\WebSpeech4.exe [2010.09.09 15:01:22 | 001,234,224 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimePlayer.exe [2010.09.09 15:01:22 | 000,800,048 | ---- | C] (Apple Inc.) -- C:\Program Files\QTPlugin.ocx [2010.09.09 14:55:18 | 007,841,056 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimePlayer.dll [2010.09.09 14:55:16 | 000,369,952 | ---- | C] (Apple Inc.) -- C:\Program Files\QTUIPanelControl.dll [2010.09.09 14:55:14 | 000,894,240 | ---- | C] (Apple Inc.) -- C:\Program Files\QTOControl.dll [2010.09.09 14:55:14 | 000,824,608 | ---- | C] (Apple Inc.) -- C:\Program Files\QTInfo.exe [2010.09.09 14:55:14 | 000,820,512 | ---- | C] (Apple Inc.) -- C:\Program Files\QTOLibrary.dll [2010.09.08 12:17:42 | 000,421,888 | ---- | C] (Apple Inc.) -- C:\Program Files\QTTask.exe [2010.09.08 12:17:38 | 000,561,152 | ---- | C] (Apple Inc.) 
-- C:\Program Files\PictureViewer.exe ========== Files - Modified Within 30 Days ========== [2011.06.29 21:46:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.06.29 21:42:22 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.29 21:42:22 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.29 21:42:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.29 21:42:00 | 2816,524,288 | -HS- | M] () -- C:\hiberfil.sys [2011.06.29 21:17:43 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.06.29 21:16:46 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2011.06.29 17:26:29 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2011.06.29 15:39:04 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.06.29 15:39:04 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.06.27 09:44:58 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.27 09:44:58 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.27 09:44:58 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.27 09:44:58 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.21 13:57:28 | 000,126,889 | ---- | M] () -- C:\Users\***\Desktop\frisur.jpg [2011.06.16 13:45:15 | 115,954,465 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.06.08 15:50:43 | 000,104,526 | ---- | M] () -- C:\Users\***\Desktop\Ueberweisungsbestätigung.jpg ========== Files Created - No Company Name ========== [2011.06.29 21:17:43 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.06.29 21:16:44 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011.06.29 17:26:29 | 000,000,000 | -H-- | C] () -- 
C:\Users\***\Documents\Default.rdp [2011.06.21 14:00:49 | 000,126,889 | ---- | C] () -- C:\Users\***\Desktop\frisur.jpg [2011.06.08 15:46:22 | 000,104,526 | ---- | C] () -- C:\Users\***\Desktop\Ueberweisungsbestätigung.jpg [2010.11.05 19:11:19 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.09.10 18:02:56 | 000,010,180 | ---- | C] () -- C:\Program Files\QuickTime Read Me.htm [2010.09.08 12:17:44 | 000,055,622 | ---- | C] () -- C:\Program Files\Sample.mov [2010.09.08 12:17:44 | 000,018,663 | ---- | C] () -- C:\Program Files\Sample.qtif [2010.08.04 16:55:44 | 000,000,001 | ---- | C] () -- C:\Windows\System32\InprocServer32.dll [2010.06.29 00:14:54 | 000,107,626 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin [2010.06.25 08:18:47 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL [2010.06.25 08:18:47 | 000,000,150 | ---- | C] () -- C:\Windows\wininit.ini [2010.06.15 22:54:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.15 12:26:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.06.15 12:26:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.06.14 22:25:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.06.14 17:56:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.06.14 14:15:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.05.14 21:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.05.14 21:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010.05.14 21:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010.05.14 21:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2007.08.07 01:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.02 17:38:05 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:38:05 | 000,290,748 | ---- | C] () 
-- C:\Windows\System32\perfi007.dat [2006.11.02 17:38:05 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:44:53 | 000,287,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll ========== LOP Check ========== [2011.04.28 00:47:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.03.18 10:44:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2010.11.05 18:31:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner [2010.11.05 18:43:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder [2010.06.16 15:27:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu [2010.07.12 14:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011.06.21 14:01:13 | 000,000,000 
| ---D | M] -- C:\Users\***\AppData\Roaming\XnView [2011.06.29 21:41:53 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.06.14 14:29:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.06.14 14:39:03 | 000,000,000 | ---D | M] -- C:\1d6c81bfa23fd065041b4a61545a [2010.06.16 15:52:49 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.06.14 14:20:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.06.14 22:20:08 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.06.14 15:15:18 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.03.18 10:52:17 | 000,000,000 | R--D | M] -- C:\Program Files [2010.11.29 21:36:55 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.06.14 14:20:52 | 000,000,000 | -HSD | M] -- C:\Programme [2011.06.29 21:52:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.06.14 14:29:32 | 000,000,000 | R--D | M] -- C:\Users [2010.06.14 22:46:31 | 000,000,000 | ---D | M] -- C:\Webabfrage [2011.06.16 13:45:15 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2010.09.08 12:17:38 | 000,561,152 | ---- | M] (Apple Inc.) -- C:\Program Files\PictureViewer.exe [2010.09.09 14:55:14 | 000,824,608 | ---- | M] (Apple Inc.) -- C:\Program Files\QTInfo.exe [2010.09.08 12:17:42 | 000,421,888 | ---- | M] (Apple Inc.) -- C:\Program Files\QTTask.exe [2010.09.09 15:01:22 | 001,234,224 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTimePlayer.exe [2011.01.06 17:09:03 | 006,331,338 | ---- | M] (G DATA Software AG) -- C:\Program Files\WebSpeech4.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) 
MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-04 10:11:38
< End of report >
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.06.2011 21:51:42 - Run 1 OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\***\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,62 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 71,51% Memory free 5,46 Gb Paging File | 4,78 Gb Available in Paging File | 87,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 64,41 Gb Total Space | 9,01 Gb Free Space | 13,99% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,36 Gb Free Space | 53,62% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Users\***\***\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Users\***\***\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Users\***\***\Programme\MoviePlayer\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Users\***\***\Programme\DM-Drogerie\alt\dm Fotowelt\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Users\***\***\Programme\DM-Drogerie\alt\dm Fotowelt\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Users\***\***\Programme\MoviePlayer\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 
Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{49BB321E-BC22-4DCB-8A4F-ECCFCBA75B02}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{910FF0A8-11A3-4124-BD95-C19DC322FEF7}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{A11598F4-A8AA-4944-B58A-C3EA310B9E5C}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24 "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc 
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9307C98E-269D-4B85-A331-3E74E123CB67}" = DP L10 Utility "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch "{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2 "{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi "{C32D70D8-54F0-4152-B68E-12AB49061263}" = DMT Utility "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "dm-Fotowelt" = dm-Fotowelt "DMTCOMM&0489&E003" = DMT USB to UART Bridge Controller "druckstdu.de Designer 1.5.1_is1" = druckstdu.de Designer 1.5.1 "druckstdu.de 
Designer_is1" = druckstdu.de Designdatei "FKC22153088_is1" = fotokasten comfort "lgx4.lgx.server" = G DATA Logox 4 Speechengine "LHTTSGED" = L&H TTS3000 Deutsch "Lidl-Fotos_is1" = Lidl-Fotos "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "VLC media player" = VLC media player 1.1.0 "ws4.webspeech" = G DATA WebSpeech 4 "ZoneAlarm" = ZoneAlarm "ZoneAlarm Toolbar" = ZoneAlarm Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f031ef6ac137efc5" = Dell Driver Download Manager ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 29.06.2011 11:15:49 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 53c Anfangszeit: 01cc366f313565ac Zeitpunkt der Beendigung: 125 Error - 29.06.2011 11:16:45 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 848 Anfangszeit: 01cc366f6d799961 Zeitpunkt der Beendigung: 31 Error - 29.06.2011 11:17:22 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: ef0 Anfangszeit: 01cc366f8d4ebf05 Zeitpunkt der Beendigung: 63 Error - 29.06.2011 11:18:19 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: a24 Anfangszeit: 01cc366fa5133035 Zeitpunkt der Beendigung: 47 Error - 29.06.2011 11:22:53 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: a58 Anfangszeit: 01cc366fc6aaf24b Zeitpunkt der Beendigung: 47 Error - 29.06.2011 11:31:08 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 7d8 Anfangszeit: 01cc36706a1b76c6 Zeitpunkt der Beendigung: 47 Error - 29.06.2011 11:47:04 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: edc Anfangszeit: 01cc367191486e92 Zeitpunkt der Beendigung: 62 Error - 29.06.2011 11:47:27 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm Explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 6b0 Anfangszeit: 01cc3673cb4ca5ed Zeitpunkt der Beendigung: 16 Error - 29.06.2011 11:53:46 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: b68 Anfangszeit: 01cc3673cb3bf577 Zeitpunkt der Beendigung: 47 Error - 29.06.2011 11:54:37 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: c8 Anfangszeit: 01cc3674baf6068e Zeitpunkt der Beendigung: 375
[ System Events ]
Error - 26.07.2010 02:23:56 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description =
Error - 26.07.2010 02:23:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 27.07.2010 13:43:56 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description =
Error - 27.07.2010 13:43:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 02.08.2010 01:47:25 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description =
Error - 02.08.2010 01:47:25 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 03.08.2010 07:45:14 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description =
Error - 03.08.2010 08:00:29 | Computer Name = *** | Source = DCOM | ID = 10005
Description =
Error - 03.08.2010 08:00:29 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description =
Error - 03.08.2010 08:00:29 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Edited by cosinus (30.06.2011 at 12:52) Reason: one Extras and one OTL.txt is enough |
30.06.2011, 12:50 | #4 |
| Java-Virus JAVA/Stutter.E And here are the others. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net Rootkit scan 2011-06-29 22:51:06 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK8037GSX rev.DL240D Running: ybbjneht.exe; Driver: C:\Users\***\AppData\Local\Temp\pxldipob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8E467570] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x8E467E46] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8E466FC6] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8E460884] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8E481FA8] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8E467AD0] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8E47BE42] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8E47C26A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8E4866FE] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8E467C2E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8E4615B4] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies 
LTD) ZwDeleteKey [0x8E483A50] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8E483346] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8E47AC26] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8E48441A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8E484658] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8E484B0A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8E46116C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8E47E358] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x8E47DF46] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8E4854E0] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8E484DD4] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8E466B5E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8E485F40] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8E467292] SSDT 8E1B4413 ZwSetContextThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling 
Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8E4619BE] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8E485A68] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8E482A6A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8E47CF66] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8E47CC96] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8E47C6DE] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 13D 81CB68A0 8 Bytes [70, 75, 46, 8E, 46, 7E, 46, ...] .text ntkrnlpa.exe!KeSetEvent + 1C1 81CB6924 4 Bytes [C6, 6F, 46, 8E] .text ntkrnlpa.exe!KeSetEvent + 1D9 81CB693C 4 Bytes [84, 08, 46, 8E] .text ntkrnlpa.exe!KeSetEvent + 1E9 81CB694C 4 Bytes JMP C9EB11D2 .text ntkrnlpa.exe!KeSetEvent + 205 81CB6968 12 Bytes [D0, 7A, 46, 8E, 42, BE, 47, ...] .text ... 
---- User code sections - GMER 1.0.15 ---- .text C:\Users\***\Desktop\ybbjneht.exe[192] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\Desktop\ybbjneht.exe[192] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\Desktop\ybbjneht.exe[192] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\Desktop\ybbjneht.exe[192] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\Desktop\ybbjneht.exe[192] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\Desktop\ybbjneht.exe[192] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\Desktop\ybbjneht.exe[192] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\Desktop\ybbjneht.exe[192] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\Desktop\ybbjneht.exe[192] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program 
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\taskeng.exe[280] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\taskeng.exe[280] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\taskeng.exe[280] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\taskeng.exe[280] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\taskeng.exe[280] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\taskeng.exe[280] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\taskeng.exe[280] 
USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\svchost.exe[412] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\svchost.exe[412] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\svchost.exe[412] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\svchost.exe[412] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\svchost.exe[412] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\svchost.exe[412] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\svchost.exe[412] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\svchost.exe[412] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software 
Technologies)
.text C:\Windows\system32\svchost.exe[412] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[492] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[492] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[492] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[492] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[492] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[492] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[492] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[492] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[492] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[568] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[568] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[568] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[568] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[568] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[584] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[584] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[584] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[584] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[584] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[584] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[584] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[584] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[592] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[592] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[592] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[592] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[592] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[592] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[592] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[592] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[592] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[772] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[772] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[888] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[888] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[896] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[896] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[896] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[896] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[896] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[896] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[896] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[896] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[896] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[992] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[992] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1248] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1248] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1380] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1756] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1756] USER32.dll!IsWindowUnicode + 37 772E90B5 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1832] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1832] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1832] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1832] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1832] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1832] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1832] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1832] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1832] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1868] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1876] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1876] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1876] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1876] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1876] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1876] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1876] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1876] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1876] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] kernel32.dll!SetUnhandledExceptionFilter 7647A84F 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2092] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[2184] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[2184] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[2184] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[2184] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[2184] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[2184] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[2184] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[2184] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[2184] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3068] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program 
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3220] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software 
Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3232] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text 
C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe[3280] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] 
ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text 
C:\Program Files\Common Files\Java\Java Update\jusched.exe[3312] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text 
C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3320] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program 
Files\Windows Media Player\wmpnetwk.exe[3620] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3620] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ntdll.dll!NtSetInformationProcess 777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program 
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[3856] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\wbem\wmiprvse.exe[3992] ntdll.dll!NtAccessCheckByType 777E4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\wbem\wmiprvse.exe[3992] ntdll.dll!NtAlpcImpersonateClientOfPort 777E4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\wbem\wmiprvse.exe[3992] ntdll.dll!NtImpersonateClientOfPort 777E49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\wbem\wmiprvse.exe[3992] ntdll.dll!NtSetInformationProcess 
777E5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\wbem\wmiprvse.exe[3992] kernel32.dll!OpenProcess 76497267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\wbem\wmiprvse.exe[3992] ADVAPI32.dll!ImpersonateNamedPipeClient 773E3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\wbem\wmiprvse.exe[3992] ADVAPI32.dll!SetThreadToken 773F8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\wbem\wmiprvse.exe[3992] USER32.dll!FindWindowA 772E9D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Windows\system32\wbem\wmiprvse.exe[3992] USER32.dll!FindWindowW 772FA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- The file hjtscanlist.txt could not be created: "Die Datei hjtscanlist.txt kann nicht gefunden werden. Möchten Sie eine neue Datei erstellen?" Code:
ATTFilter Adobe Download Manager NOS Microsystems Ltd. 14.06.2010 0,40MB 1.6.2.63 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 15.06.2010 10.1.53.64 Adobe Reader 9.4.2 - Deutsch Adobe Systems Incorporated 17.03.2011 164,7MB 9.4.2 Amazon MP3-Downloader 1.0.9 27.04.2011 2,56MB Apple Application Support Apple Inc. 28.11.2010 42,8MB 1.3.2 Apple Software Update Apple Inc. 28.11.2010 2,16MB 2.1.1.116 Avira AntiVir Personal - Free Antivirus Avira GmbH 28.06.2011 96,6MB 10.2.0.690 CCleaner Piriform 29.06.2011 3,82MB 3.08 Dell Driver Download Manager Dell Inc. 24.06.2010 2.1.0.0 dm-Fotowelt 12.09.2010 251MB DMT USB to UART Bridge Controller 17.02.2011 DMT Utility 17.02.2011 21.645MB DP L10 Utility 17.02.2011 0,97MB druckstdu.de Designdatei Druckstdu.de 16.06.2010 69,2MB druckstdu.de Designer 1.5.1 druckstdu 16.06.2010 69,2MB fotokasten comfort 28.06.2010 15,4MB G DATA Logox 4 Speechengine G DATA Software AG 05.01.2011 G DATA WebSpeech 4 G DATA Software AG 05.01.2011 Java(TM) 6 Update 24 Sun Microsystems, Inc. 16.06.2010 94,5MB 6.0.240 L&H TTS3000 Deutsch 04.01.2011 Lidl-Fotos 02.07.2010 18,7MB Malwarebytes' Anti-Malware Version 1.51.0.1200 Malwarebytes Corporation 29.06.2011 7,29MB 1.51.0.1200 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 20.06.2010 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 13.06.2010 27,8MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.06.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.06.2010 24,5MB 4.0.30319 Microsoft Office Standard Edition 2003 Microsoft Corporation 13.06.2010 198,6MB 11.0.5614.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 12.09.2010 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.06.2010 0,58MB 9.0.30729.4148 Paint.NET v3.5.5 dotPDN LLC 14.06.2010 10,2MB 3.55.0 QuickTime Apple Inc. 
28.11.2010 73,7MB 7.68.75.0 RealSpeak Solo fur Deutsch - Steffi ScanSoft 06.01.2011 15,4MB 4.00.0000 Roxio Creator Audio Roxio 04.11.2010 1,14MB 3.3.0 Roxio Creator Copy Roxio 04.11.2010 0,63MB 3.3.0 Roxio Creator Data Roxio 04.11.2010 0,92MB 3.3.0 Roxio Creator DE Roxio 04.11.2010 25,3MB 3.3.0 Roxio Creator Tools Roxio 04.11.2010 0,34MB 3.3.0 Roxio Drag-to-Disc Roxio 24.06.2010 8,20MB 9.0 Roxio MyDVD DE Roxio, Inc. 04.11.2010 329MB 9.0.117 Roxio Update Manager Roxio 04.11.2010 2,42MB 3.0.0 Skype Toolbars Skype Technologies S.A. 07.04.2011 5,93MB 5.0.4137 Skype™ 5.1 Skype Technologies S.A. 07.04.2011 22,7MB 5.1.112 Sun ODF Plugin for Microsoft Office 3.2 Sun Microsystems 13.06.2011 221MB 3.2.9483 VLC media player 1.1.0 VideoLAN 27.06.2010 75,7MB 1.1.0 ZoneAlarm Check Point, Inc 17.03.2011 20,1MB 9.2.105.000 ZoneAlarm Toolbar Check Point Software Technologies 17.03.2011 25,9MB Code:
ATTFilter Exportierte Ereignisse: 28.06.2011 13:57 [Updater] Update nicht ausgeführt Das Update von Computer *** (***) von hxxp://87.248.217.254/update ist fehlgeschlagen. Abbruch durch den Benutzer Es wurden keine neuen Dateien geladen. 29.06.2011 19:50 [Scanner] Malware gefunden Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7061701b-769f05a2' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Stutter.E' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a9bcb60.qua' verschoben! 29.06.2011 17:07 [Guard] AntiVir Guard deaktiviert AntiVir Guard wurde deaktiviert. 29.06.2011 17:19 [Guard] AntiVir Guard deaktiviert AntiVir Guard wurde deaktiviert. 29.06.2011 22:08 [Guard] AntiVir Guard deaktiviert AntiVir Guard wurde deaktiviert. |
30.06.2011, 12:50 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java virus JAVA/Stutter.E Quote:
__________________ Please always post logfiles in CODE tags |
30.06.2011, 14:33 | #6 |
| Java virus JAVA/Stutter.E Okay, I've read up on it; I'll turn on the Windows Vista firewall and turn off (and uninstall) ZoneAlarm. But right now that's impossible, because I can't get into the Control Panel. Thanks in advance. |
30.06.2011, 14:37 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java virus JAVA/Stutter.E Quote:
__________________ Please always post logfiles in CODE tags |
30.06.2011, 15:06 | #8 |
| Java virus JAVA/Stutter.E The "Control Panel" window opens incompletely, meaning the right-hand pane of the window stays blank. When I click on it, "(Not Responding)" appears in the title bar and the process can only be killed. What can and should I do about the Stutter.E virus? |
30.06.2011, 15:14 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java virus JAVA/Stutter.E Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a Kompetenzler (board helper) has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
30.06.2011, 16:04 | #10 |
| Java virus JAVA/Stutter.E Here is the ComboFix output: Combofix Logfile: Code:
ATTFilter ComboFix 11-06-30.01 - D 30.06.2011 16:34:49.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.2685.1635 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat . ----- BITS: Eventuell infizierte Webseiten ----- . hxxp://apnmedia.ask.com . ((((((((((((((((((((((( Dateien erstellt von 2011-05-28 bis 2011-06-30 )))))))))))))))))))))))))))))) . . 2011-06-30 14:43 . 2011-06-30 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-30 14:32 . 2011-06-30 14:32 -------- d-----w- C:\32788R22FWJFW 2011-06-30 11:26 . 2011-06-30 11:26 -------- d-----w- c:\program files\CCleaner 2011-06-30 10:26 . 2011-06-30 10:26 54016 ----a-w- c:\windows\system32\drivers\abldctc.sys 2011-06-30 08:59 . 2011-06-30 08:59 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2011-06-30 08:58 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-30 08:58 . 2011-06-30 08:58 -------- d-----w- c:\programdata\Malwarebytes 2011-06-30 08:58 . 2011-06-30 08:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-30 08:58 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-14 15:35 . 2011-06-14 15:35 -------- d-----w- c:\users\***\AppData\Roaming\SunODFPluginforMicrosoftOffice . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-29 13:39 . 
2010-06-14 17:30 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-29 13:39 . 2010-06-14 17:30 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-06 15:09 . 2011-01-06 19:24 6331338 ----a-w- c:\program files\WebSpeech4.exe
2010-09-09 13:01 . 2010-09-09 13:01 800048 ----a-w- c:\program files\QTPlugin.ocx
2010-09-09 13:01 . 2010-09-09 13:01 1234224 ----a-w- c:\program files\QuickTimePlayer.exe
2010-09-09 12:55 . 2010-09-09 12:55 7841056 ----a-w- c:\program files\QuickTimePlayer.dll
2010-09-09 12:55 . 2010-09-09 12:55 369952 ----a-w- c:\program files\QTUIPanelControl.dll
2010-09-09 12:55 . 2010-09-09 12:55 894240 ----a-w- c:\program files\QTOControl.dll
2010-09-09 12:55 . 2010-09-09 12:55 824608 ----a-w- c:\program files\QTInfo.exe
2010-09-09 12:55 . 2010-09-09 12:55 820512 ----a-w- c:\program files\QTOLibrary.dll
2010-09-08 10:17 . 2010-09-08 10:17 421888 ----a-w- c:\program files\QTTask.exe
2010-09-08 10:17 . 2010-09-08 10:17 561152 ----a-w- c:\program files\PictureViewer.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 10:50 2517088 ----a-w- c:\program files\ZoneAlarm-Sicherheit\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"DLADiag"="c:\windows\DLADiag.EXE" [2007-02-08 56056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"QuickTime Task"="c:\program files\QTTask.exe" [2010-09-08 421888]
"ZoneAlarm Client"="c:\users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 DLADHK_M;DLADHK_M;c:\windows\system32\Drivers\DLADHK_M.SYS [2006-10-26 33592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 DLADiagM;DLADiagM;c:\windows\system32\Drivers\DLADiagM.SYS [2007-02-08 13624]
S1 DLAPMonM;DLAPMonM;c:\windows\system32\Drivers\DLAPMonM.SYS [2007-02-08 30680]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 488952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\users\***\***\PROGRA~1\Office\OFFICE11\EXCEL.EXE/3000
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\progra~1\COMMON~1\WEBSPE~1.0\LgxIEBar.dll
TCP: DhcpNameServer = 80.69.100.198 192.168.0.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/jordan.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-WatcherBIN - c:\users\***\***\Programme\ebay\Watcherbin\WatcherBIN.exe
AddRemove-lgx4.lgx.server - c:\windows\GSetup.exe
AddRemove-ws4.webspeech - c:\windows\GSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-30 16:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(584)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2011-06-30 16:53:59
ComboFix-quarantined-files.txt 2011-06-30 14:53
.
Vor Suchlauf: 7 Verzeichnis(se), 14.662.320.128 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 14.838.775.808 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
- - End Of File - - E79EBA0282899F0C10DA4700C5D57D32
--- --- ---
Last edited by kabuschi (30.06.2011 at 16:13) |
30.06.2011, 16:12 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus JAVA/Stutter.E Is the Control Panel working again? Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM, and please skip the online query in OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
30.06.2011, 17:57 | #14 |
| Java-Virus JAVA/Stutter.E here is the log from OSAM: OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:52:43 on 30.06.2011
OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QTSystem\QuickTime.cpl
"WebSpeech" - "G DATA Software AG" - C:\PROGRA~1\COMMON~1\WEBSPE~1.0\LgxIEControl.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found)
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\Windows\System32\DLA\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\Windows\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\Windows\System32\Drivers\DLACDBHM.SYS
"DLADHK_M" (DLADHK_M) - "Roxio" - C:\Windows\System32\Drivers\DLADHK_M.SYS
"DLADiagM" (DLADiagM) - "Roxio" - C:\Windows\System32\Drivers\DLADiagM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\Windows\System32\DLA\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\Windows\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\Windows\System32\DLA\DLAOPIOM.SYS
"DLAPMonM" (DLAPMonM) - "Roxio" - C:\Windows\System32\Drivers\DLAPMonM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\Windows\System32\DLA\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\Windows\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\Windows\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\Windows\System32\DLA\DLAUDF_M.SYS
"DMT USB Composite Device driver (WDM)" (slabbus) - "MCCI" - C:\Windows\System32\DRIVERS\slabbus.sys
"DMT USB to UART Bridge Controller Drivers" (slabser) - "MCCI" - C:\Windows\System32\DRIVERS\slabser.sys
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\Windows\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\Windows\System32\Drivers\DRVNDDM.SYS
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"vsdatant7" (vsdatant7) - ? - C:\Windows\System32\drivers\vsdatant.win7.sys (File not found)
"Zone Alarm Firewall Driver" (Vsdatant) - "Check Point Software Technologies LTD" - C:\Windows\System32\DRIVERS\vsdatant.sys
"ZoneAlarm Toolbar ISWKL" (ISWKL) - "Check Point Software Technologies" - C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Users\***\***\Programme\Entpacker\7zip\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Users\***\***\Programme\Office\OFFICE11\msohev.dll
{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Users\***\***\Programme\Roxio\Shellex.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ZoneAlarm Security Engine" - "Check Point Software Technologies" - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
<binary data> "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{28B66320-9687-4B13-8757-36F901887AB5} "CanvasX Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\canvasx.dll / hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} "JordanUploader Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\JordanApplet.dll / hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/jordan.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\Users\***\***\PROGRA~1\Office\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} "WebSpeech" - "G DATA Software AG" - C:\PROGRA~1\COMMON~1\WEBSPE~1.0\LgxIEBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} "ZoneAlarm Security Engine" - "Check Point Software Technologies" - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{83A30C59-3A50-49E6-9DAF-4923C4EA3C23} "WebSpeechBHO Class" - ? - C:\Program Files\Common Files\WebSpeech.4.0\LgxIEBar.dll__BHODemonDisabled_NFOYIZNPOKOASSVYENREHYBWLANKUT (File not found)
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} "ZoneAlarm Security Engine Registrar" - "Check Point Software Technologies" - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} "ZoneAlarm-Sicherheit Toolbar" - "Conduit Ltd." - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DLADiag" - "Roxio" - C:\Windows\DLADiag.EXE
"ISUSPM Startup" - "Macrovision Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISW" - "Check Point Software Technologies" - "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QTTask.exe" -atboottime
"RoxWatchTray" - "Sonic Solutions" - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ZoneAlarm Client" - "Check Point Software Technologies LTD" - "C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"TrueVector Internet Monitor" (vsmon) - "Check Point Software Technologies LTD" - C:\Windows\System32\ZoneLabs\vsmon.exe
"ZoneAlarm Toolbar IswSvc" (IswSvc) - "Check Point Software Technologies" - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Last edited by kabuschi (30.06.2011 at 18:06) |
30.06.2011, 18:07 | #15 |
| Java-Virus JAVA/Stutter.E and here is MBRCheck as well: Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1501
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 156):
0x81C51000 \SystemRoot\system32\ntkrnlpa.exe
0x81C1E000 \SystemRoot\system32\hal.dll
0x80408000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\PSHED.dll
0x80420000 \SystemRoot\system32\BOOTVID.dll
0x80428000 \SystemRoot\system32\CLFS.SYS
0x80469000 \SystemRoot\system32\CI.dll
0x80549000 \SystemRoot\System32\drivers\abldctc.sys
0x80557000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805D3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80608000 \SystemRoot\system32\drivers\acpi.sys
0x8064E000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80657000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065F000 \SystemRoot\system32\drivers\pci.sys
0x80686000 \SystemRoot\System32\drivers\partmgr.sys
0x80695000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80698000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806A2000 \SystemRoot\system32\drivers\volmgr.sys
0x806B1000 \SystemRoot\System32\drivers\volmgrx.sys
0x806FB000 \SystemRoot\system32\drivers\pciide.sys
0x80702000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80710000 \SystemRoot\System32\drivers\mountmgr.sys
0x80720000 \SystemRoot\system32\drivers\atapi.sys
0x80728000 \SystemRoot\system32\drivers\ataport.SYS
0x80746000 \SystemRoot\system32\drivers\fltmgr.sys
0x80778000 \SystemRoot\system32\drivers\fileinfo.sys
0x80788000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x8079E000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82204000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82275000 \SystemRoot\system32\drivers\ndis.sys
0x82380000 \SystemRoot\system32\drivers\msrpc.sys
0x823AB000 \SystemRoot\system32\drivers\NETIO.SYS
0x89009000 \SystemRoot\System32\drivers\tcpip.sys
0x890F6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89208000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89318000 \SystemRoot\system32\drivers\volsnap.sys
0x89351000 \SystemRoot\System32\Drivers\spldr.sys
0x89359000 \SystemRoot\System32\Drivers\mup.sys
0x89368000 \SystemRoot\System32\drivers\ecache.sys
0x8938F000 \SystemRoot\system32\drivers\disk.sys
0x893A0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x893C1000 \SystemRoot\system32\drivers\crcdisk.sys
0x893EA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x89111000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x893F3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8D201000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8D924000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D9C5000 \SystemRoot\System32\drivers\watchdog.sys
0x89121000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8D9D1000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x89196000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D9DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D9EA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x891D4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DC07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8DC94000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8DCA7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DCB2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DCBD000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x8DCCE000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8DCE8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8DCEC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8DD1B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8DD5C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DD67000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DD7E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8DD89000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8DDAC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8DDBB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8DDCF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8DDE4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DDF4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x807A7000 \SystemRoot\system32\DRIVERS\ks.sys
0x8DDF6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D9EC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8DE06000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8DE3B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DE4C000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
0x8DE88000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
0x8E405000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
0x8E4B8000 \SystemRoot\system32\drivers\modem.sys
0x8E4C5000 \SystemRoot\system32\drivers\HdAudio.sys
0x8E504000 \SystemRoot\system32\drivers\portcls.sys
0x8E531000 \SystemRoot\system32\drivers\drmk.sys
0x8E556000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E55F000 \SystemRoot\System32\Drivers\Null.SYS
0x8E566000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E56D000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x8E573000 \SystemRoot\System32\Drivers\DLADiagM.SYS
0x8E575000 \SystemRoot\System32\Drivers\DLAPMonM.SYS
0x8E58B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E592000 \SystemRoot\System32\drivers\vga.sys
0x8E59E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E5BF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E5C7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E5CF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E5DA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E5E8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DF8C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E5F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E57B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E5FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8DFA2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8DFAA000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EA05000 \SystemRoot\system32\drivers\afd.sys
0x8EA4D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EA7F000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x8EB0A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EB20000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8EB2E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EB41000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8EB47000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8EB83000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8EB8D000 \SystemRoot\System32\Drivers\dfsc.sys
0x8EBA4000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8EBCB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8EBD8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8EBE3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95040000 \SystemRoot\System32\win32k.sys
0x8EBEB000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DFBE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95260000 \SystemRoot\System32\TSDDD.dll
0x95280000 \SystemRoot\System32\cdd.dll
0x8DFCD000 \SystemRoot\system32\drivers\luafv.sys
0x8DFE8000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8EBF5000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x8EA00000 \SystemRoot\System32\DLA\DLADResM.SYS
0x893CA000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0x8E400000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0x8EA01000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0x8DC00000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0x8D9F9000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0x823E6000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0x807D1000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0x97609000 \SystemRoot\system32\drivers\spsys.sys
0x976B9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x976C9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x976F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x976FD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97710000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0x97718000 \SystemRoot\system32\drivers\HTTP.sys
0x97785000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x977A2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x977BB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x977D0000 \SystemRoot\system32\drivers\mrxdav.sys
0x805E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B605000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B63E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B656000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B67D000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B6CB000 \SystemRoot\system32\drivers\peauth.sys
0x9B7A9000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9B7D1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B7DB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B7E7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76FA0000 \Windows\System32\ntdll.dll
Processes (total 50):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
448 csrss.exe
500 C:\Windows\System32\wininit.exe
508 csrss.exe
568 C:\Windows\System32\winlogon.exe
584 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
776 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\audiodg.exe
1216 C:\Windows\System32\SLsvc.exe
1252 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\ZoneLabs\vsmon.exe
1708 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1812 C:\Windows\System32\spoolsv.exe
1836 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1848 C:\Windows\System32\svchost.exe
2024 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
272 C:\Windows\System32\svchost.exe
292 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1624 C:\Windows\System32\taskeng.exe
1320 C:\Windows\System32\dwm.exe
1932 C:\Windows\System32\taskeng.exe
2244 C:\Windows\System32\svchost.exe
2280 C:\Windows\System32\svchost.exe
2372 C:\Windows\System32\SearchIndexer.exe
3136 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3184 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3200 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
3216 C:\Users\***\***\Programme\ZoneAlarm\ZoneAlarm\Update3\ZoneAlarm\zlclient.exe
3252 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3268 C:\Program Files\Windows Media Player\wmpnscfg.exe
3396 C:\Program Files\Windows Media Player\wmpnetwk.exe
3680 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
3828 C:\Program Files\Internet Explorer\iedw.exe
3912 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
3432 C:\Program Files\Internet Explorer\iexplore.exe
3072 C:\Windows\System32\wuauclt.exe
3152 C:\Windows\explorer.exe
2236 C:\Windows\System32\SearchProtocolHost.exe
3128 C:\Windows\System32\SearchFilterHost.exe
3768 C:\Users\***\Desktop\MBRCheck.exe
3160 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87600000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK8037GSX, Rev: DL240D
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done! |