Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): On login: ZoneAlarm alert about a network with a different IP? |
19.12.2011, 20:00 | #61 |
/// Malware-holic | Hi, you haven't worked through my security advice yet, have you? It's in post 47 on the previous page.
__________________ Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.12.2011, 20:03 | #62 |
| Nope .. that's what I was just saying .. I only wanted to check in as soon as I was back online .. that part has worked, at least ..
And now I'll be good and do what you wrote ... |
19.12.2011, 20:19 | #63 |
/// Malware-holic | Hi, I had overlooked that. Oh, that scares me, when someone pounces on me :-)
As I said, for AV I'd recommend Emsisoft; I also think 10 € is affordable, if you like the program :-) I'll send you the link to the shop then, if you want. |
19.12.2011, 20:33 | #64 |
| Yes, send me the link .. gladly! Besides, you don't need to be afraid of me; if anything, I'd only pounce on you very gently .. you're something like my rescuer, after all, and now you're responsible for me for life .. purely in PC terms (don't worry ^^) .. old Chinese tradition. Markus, I'm so relieved, I can't even tell you .. shouldn't I really test again? Do you think everything is fine? |
19.12.2011, 20:38 | #65 |
| Well, now I'm supposed to make a backup of the system so that the service pack can be installed .. great, how do I do that? |
19.12.2011, 20:42 | #66 |
/// Malware-holic | First install Emsisoft and see whether you get along with it. I'll give you the link then :-) We'll check your backed-up data at the end, once the system is secured. Hmm, making a backup, I can't remember that message right now; I think you just have to close all windows and then click OK, then it should continue. |
19.12.2011, 20:46 | #67 |
| Well then, I'll close the shutters and click OK. If I don't report back, there was a problem .. ^^ |
19.12.2011, 20:47 | #68 |
/// Malware-holic | Hehe. Sorry, by the way I had a wrong link in there; this is the guide to Sandboxie: Sandbox*Einstellungen (sandbox settings) |
19.12.2011, 21:02 | #69 |
| Well, I'm not that far yet .. but thanks for the new link. So it worked; the thing then did the system backup by itself. You say Chrome is good ... don't you find Firefox that great? .. So far I've always been online with Firefox .. |
19.12.2011, 21:07 | #70 |
/// Malware-holic | Chrome should definitely be more secure, and on most PCs faster too. There are plenty of extensions for it as well, so you don't have to go without. If you don't like it after all, you can still install FF, but first take your time and do the updates etc. http://www.update.microsoft.com: search for updates, install drivers, important and optional updates, until there are none left. Yes, I noticed that unfortunately I've had a wrong link in the guide for a few days, and I've replaced it. |
19.12.2011, 21:12 | #71 |
| Hmmm, one tiny question at this point .... the Service Pack 3 you linked is for IT professionals and whatnot .. trusting you blindly, I went ahead and got it; it said there that there's a different one for "individual" computers .. well, it won't do any harm .. it just occurred to me |
19.12.2011, 21:29 | #72 |
/// Malware-holic | No, that's fine as it is. |
19.12.2011, 21:42 | #73 |
| Hm, I just had those "disturbances" again; I installed ZoneAlarm and got the same message again about a network IP. I got Unhooker .. I'll post the log in a moment ... I feel like I'm in the wrong movie ........ |
19.12.2011, 21:44 | #74 |
19.12.2011, 21:45 | #75 |
/// Malware-holic | I rather think that's an error message from ZoneAlarm. Are the other problems still occurring? Change all your passwords and then see whether there are still successful logins by strangers. Personally I'd do without ZoneAlarm and use the Windows Firewall. Rootkit Unhooker shows only ZoneAlarm drivers and Windows drivers. |
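Added example (not part of the thread and not the helper's own tooling): the triage behind the reading in post #75, done in code. It parses Rootkit Unhooker "Hooks" entries, groups them by the module that handles each hook, and lists entries whose handler is not on a known list. The sample entries and their addresses are constructed, and the list of ZoneAlarm and Windows module names is an assumption.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional


class Hook(NamedTuple):
    pid: Optional[int]   # None for kernel-mode entries (driver-->driver)
    image: str           # hooked process or driver
    target: str          # "module-->Function" or "module+0xOFFSET"
    kind: str            # e.g. "IAT modification", "Inline - RelativeJump"
    address: int
    handler: str         # module the tool says receives the hooked call


# One entry of the "Hooks" section. finditer() is used instead of line
# splitting so the parser also works when a forum has flattened the report
# into a few very long lines.
HOOK_RE = re.compile(
    r"(?:\[(?P<pid>\d+)\])?(?P<image>[\w.]+)-->(?P<target>\S+?), "
    r"Type: (?P<kind>.+?) at address (?P<addr>0x[0-9A-Fa-f]+) "
    r"hook handler located in \[(?P<handler>[^\]]+)\]"
)

# ASSUMPTION: handler modules treated as expected on a machine running
# ZoneAlarm. A matching name only narrows the review; the file behind the
# name (path, vendor signature) still has to be checked separately.
KNOWN_HANDLERS = {
    "vsdatant.sys": "ZoneAlarm firewall driver",
    "iswshex.dll": "ZoneAlarm ForceField",
    "iswdmp.dll": "ZoneAlarm ForceField",
    "shimeng.dll": "Windows shim engine",
}


def parse_hooks(report: str) -> list[Hook]:
    """Extract every hook entry from a (possibly flattened) report."""
    hooks = []
    for m in HOOK_RE.finditer(report):
        hooks.append(Hook(
            pid=int(m["pid"]) if m["pid"] else None,
            image=m["image"],
            target=m["target"],
            kind=m["kind"],
            address=int(m["addr"], 16),
            handler=m["handler"],
        ))
    return hooks


def triage(hooks: list[Hook], known: dict[str, str] = KNOWN_HANDLERS):
    """Return (hook count per handler, hooks whose handler is not known)."""
    per_handler = Counter(h.handler.lower() for h in hooks)
    unattributed = [h for h in hooks if h.handler.lower() not in known]
    return per_handler, unattributed


# CONSTRUCTED sample in the report's entry format, flattened onto one line;
# the addresses are made up.
SAMPLE_REPORT = " ".join([
    "tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification "
    "at address 0xB0000010 hook handler located in [vsdatant.sys]",
    "[1028]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - "
    "RelativeJump at address 0x70000020 hook handler located in [ISWSHEX.dll]",
    "[140]ForceField.exe-->user32.dll+0x00000030, Type: Inline - "
    "RelativeJump at address 0x70000030 hook handler located in [ISWSHEX.dll]",
    "[1300]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT "
    "modification at address 0x01000040 hook handler located in [shimeng.dll]",
    "[1508]ISWSVC.exe-->kernel32.dll+0x00000050, Type: Inline - SEH "
    "at address 0x70000050 hook handler located in [unknown_code_page]",
])

if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_REPORT)
    counts, review = triage(parsed)
    for name, n in counts.most_common():
        print(f"{n:3d}  {name:20s} {KNOWN_HANDLERS.get(name, 'NOT ON LIST')}")
    for h in review:
        where = f"pid {h.pid}" if h.pid is not None else "kernel"
        print(f"review: {h.image} ({where}) {h.target} -> [{h.handler}]")
```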