Bitte um Überprüfung |
||
---|---|---|
#0
| ||
27.11.2009, 11:31
...neu hier
Beiträge: 7 |
||
|
||
27.11.2009, 11:38
Ehrenmitglied
Beiträge: 6028 |
||
|
||
27.11.2009, 12:03
...neu hier
Themenstarter Beiträge: 7 |
#3
hier eine Warnmeldung von Avira Premium:
In der Datei 'C:\Dokumente und Einstellungen\HS\Lokale Einstellungen\Temporary Internet Files\Content.IE5\IV5BSFRB\if_scroll-min.09.47.1-f0af8f35097cd639b1017afb7bf1e92b[1].js' wurde ein Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic] gefunden. Ausgeführte Aktion: Zugriff verweigern ComboFix 09-11-26.02 - HS 27.11.2009 10:42.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1439 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\HS\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-1670584178-3124717995-3242443491-1000 c:\$recycle.bin\S-1-5-21-3586727027-282984535-4070597817-1000 c:\dokumente und einstellungen\HS\Eigene Dateien\Reg-Sicherung-9.08.reg c:\programme\IEToolbar c:\windows\system32\clrviddc.dll c:\windows\TEMP\logishrd\LVPrcInj06.dll . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP -------\Service_Iprip ((((((((((((((((((((((( Dateien erstellt von 2009-10-27 bis 2009-11-27 )))))))))))))))))))))))))))))) . 2009-11-27 09:01 . 2009-11-27 09:01 -------- d-----w- c:\dokumente und einstellungen\HS\Anwendungsdaten\Malwarebytes 2009-11-27 09:01 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-27 09:01 . 2009-11-27 09:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-11-27 09:01 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-26 13:49 . 2009-11-26 13:49 -------- d-----w- c:\dokumente und einstellungen\HS\Anwendungsdaten\Avira 2009-11-26 13:39 . 2009-11-26 13:39 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü 2009-11-26 13:39 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-26 13:39 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-26 13:39 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-26 13:39 . 2009-11-26 13:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2009-11-26 13:39 . 2009-11-26 13:39 -------- d-----w- c:\programme\Avira 2009-11-25 12:43 . 2009-11-25 13:44 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Temp . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-27 09:39 . 2008-02-10 08:53 -------- d-----w- c:\dokumente und einstellungen\HS\Anwendungsdaten\FRITZ! 2009-11-26 19:11 . 2008-02-15 14:10 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-11-26 18:15 . 2008-02-09 09:15 -------- d-----w- c:\programme\Mozilla Thunderbird 2009-11-26 12:09 . 2008-02-18 18:35 1246752 ----a-w- c:\windows\system32\AutoPartNt.exe 2009-11-25 13:45 . 2006-02-28 12:00 49226 ----a-w- c:\windows\system32\perfc007.dat 2009-11-25 13:45 . 2006-02-28 12:00 318436 ----a-w- c:\windows\system32\perfh007.dat 2008-06-02 17:25 . 2008-06-02 17:25 42078 ----a-w- c:\programme\Scherpe.ged 2008-09-23 08:29 . 2008-09-23 08:29 848 --sha-w- c:\windows\system32\KGyGaAvL.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-08-06 14:20 279944 ----a-w- c:\programme\AskBarDis\bar\bin\askBar.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776] "SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632] "SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-26 148888] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920] "NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160] "LogitechQuickCamRibbon"="c:\programme\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184] "LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008] "DT LGE"="c:\programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 81920] "COMODO SafeSurf"="c:\programme\COMODO\SafeSurf\cssurf.exe" [2008-09-12 278264] "COMODO Firewall Pro"="c:\programme\Comodo\Firewall\CPF.exe" [2008-10-08 1115728] "amd_dc_opt"="c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824] "Ad-Watch"="c:\programme\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-19 518488] "AcronisTimounterMonitor"="c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1966928] "Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024] "UnlockerAssistant"="d:\tools\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\HS\Startmen\Programme\Autostart\ FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384] Microsoft Office Shortcut-Leiste (2).lnk - c:\windows\Installer\{00010407-78E1-11D2-B60F-006097C998E7}\misc.exe [2008-2-11 28160] c:\dokumente und einstellungen\HS\Startmen\Programme\Autostart\AutorunsDisabled Office-Start.lnk - d:\programme\Office\Office\OSA.EXE [1996-12-14 51984] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\cssdll32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"= "c:\\Programme\\K1RFD\\EchoLink\\EchoLink.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "d:\\Tools\\SiSoftSandra\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "d:\\Tools\\SiSoftSandra\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23.02.2009 15:47 64160] R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [09.02.2008 18:07 14949] R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [12.04.2008 16:40 11392] R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [26.11.2009 14:39 194817] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [26.11.2009 14:39 108289] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [26.11.2009 14:39 434945] R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [09.02.2008 18:07 652592] R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 10:14 87344] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 22:34 1003344] R2 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\tools\SiSoftSandra\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [14.06.2008 10:05 98488] S2 gupdate1c98f6a8eee6224;Google Update Service (gupdate1c98f6a8eee6224);c:\programme\Google\Update\GoogleUpdate.exe [15.02.2009 13:39 133104] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.03.2009 10:27 1684736] S3 AMDMSRIO;AMDMSRIO;\??\c:\dokume~1\HS\LOKALE~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys --> c:\dokume~1\HS\LOKALE~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys [?] S3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\drivers\cjusb.sys [09.02.2008 17:19 23040] S3 DualCoreCenter;DualCoreCenter;\??\d:\tools\MSI-Live Update\DualCoreCenter_MB\DualCoreCenter\NTGLM7X.sys --> d:\tools\MSI-Live Update\DualCoreCenter_MB\DualCoreCenter\NTGLM7X.sys [?] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\programme\Common\Database\bin\fbserver.exe [21.02.2008 17:02 1527900] S3 GrabsterSeries.X86;Grabster Series, Service X86;c:\windows\system32\drivers\GrabsterSeries.X86.SYS [21.02.2008 16:58 253824] S3 RushTopDevice2;RushTopDevice2;\??\d:\tools\MSI-Live Update\DualCoreCenter_MB\DualCoreCenter\RushTop.sys --> d:\tools\MSI-Live Update\DualCoreCenter_MB\DualCoreCenter\RushTop.sys [?] S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [08.02.2008 19:51 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Inhalt des "geplante Tasks" Ordners 2009-08-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:24] 2009-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-02-15 12:39] 2009-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-02-15 12:39] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.focus.de/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Zur Filterliste hinzufügen (WebWasher) LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll LSP: c:\programme\FRITZ!DSL\\sarah.dll DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab FF - ProfilePath - c:\dokumente und einstellungen\HS\Anwendungsdaten\Mozilla\Firefox\Profiles\dbwy6dut.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.focus.de/|http://www.focus.de/ FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll FF - plugin: c:\programme\Google\Google Earth Plugin\npgeplugin.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAskSBr.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: d:\programme\Picasa\Google\Picasa3\npPicasa2.dll FF - plugin: d:\programme\Picasa\Google\Picasa3\npPicasa3.dll . - - - - Entfernte verwaiste Registrierungseinträge - - - - AddRemove-Ad-Aware - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe REMOVE=TRUE MODIFY=FALSE AddRemove-MediaNavigation.CDLabelPrint - d:\treiber\IP4500\CD-LabelPrint\Uninstal.exe Canon.CDLabelPrint.Application AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI AddRemove-RealPlayer 6.0 - c:\programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-27 10:48 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"="E7615FA8357087ED77B7E5BF2D324D8"OODEFRAG11.00.00.01WORKSTATION"="436323B346E930C77B0A5BB7A34CFBE --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'lsass.exe'(828) c:\windows\system32\relog_ap.dll c:\programme\Avira\AntiVir Desktop\avsda.dll c:\programme\FRITZ!DSL\sarah.dll c:\programme\FRITZ!DSL\block.dll - - - - - - - > 'explorer.exe'(1228) d:\tools\Unlocker\UnlockerHook.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\programme\Avira\AntiVir Desktop\avsda.dll c:\programme\FRITZ!DSL\sarah.dll c:\programme\FRITZ!DSL\block.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\System32\SCardSvr.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\tcpsvcs.exe c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wbem\wmiapsrv.exe c:\programme\Portrait Displays\forteManager\DTHtml.exe c:\programme\Gemeinsame Dateien\Portrait Displays\Shared\HookManager.exe c:\programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe d:\programme\Office\Office\1031\msoffice.exe c:\programme\FRITZ!DSL\StCenter.EXE . ************************************************************************** . Zeit der Fertigstellung: 2009-11-27 10:51 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-11-27 09:51 Vor Suchlauf: 11 Verzeichnis(se), 53.130.682.368 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 53.509.324.800 Bytes frei - - End Of File - - 86F6CFFBC59E933748C74B13614E7A22 Gruß Rolf |
|
|
||
27.11.2009, 13:08
Ehrenmitglied
Beiträge: 6028 |
#4
Oh,Mann,Oh,Mann wozu hat man Anleitungen
Bitte noch folgendes abarbeiten Punkt 2.4.5.6 http://board.protecus.de/t23188.htm __________ MfG Argus |
|
|
||
28.11.2009, 14:52
...neu hier
Themenstarter Beiträge: 7 |
#5
Hallo Argus,
sorry, habe nicht daran gedacht, ist ja eigentlich auch logisch! Noch kurz zum Virus: Bei Nutzung eines Online-Programms (www.verwandt.de) mit online Datenverwaltung meldet AntiVir: In der Datei 'C:\Dokumente und Einstellungen\HS\Lokale Einstellungen\Temporary Internet Files\Content.IE5\IV5BSFRB\if_scroll-min.09.47.1-f0af8f35097cd639b1017afb7bf1e92b[1].js' wurde ein Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic] gefunden. Ausgeführte Aktion: Zugriff verweigern Ich habe als Test eine vor 3 Monaten geklonte Festplatte eingesetzt mit gleichem Effekt! Ein Test mit meinem Labtop verlief negativ. Ich konnte das Programm voll nutzen. Hier die restlichen Logs: GMER 1.0.15.15252 - http://www.gmer.net Rootkit scan 2009-11-27 21:31:51 Windows 5.1.2600 Service Pack 3 Running: szs02vnx.exe; Driver: C:\DOKUME~1\HS\LOKALE~1\Temp\kftdipow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwConnectPort [0xB72930D2] SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateFile [0xB7295302] SSDT BAEDE26E ZwCreateKey SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreatePort [0xB729302C] SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateSection [0xB7293AAE] SSDT BAEDE264 ZwCreateThread SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteFile [0xB7294CB0] SSDT BAEDE273 ZwDeleteKey SSDT BAEDE27D ZwDeleteValueKey SSDT BAEDE282 ZwLoadKey SSDT BAEDE250 ZwOpenProcess SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenSection [0xB72939E0] SSDT BAEDE255 ZwOpenThread SSDT BAEDE28C ZwReplaceKey SSDT BAEDE287 ZwRestoreKey SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetContextThread [0xB7292BB4] SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetInformationFile [0xB7294DE0] SSDT BAEDE278 ZwSetValueKey SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwShutdownSystem [0xB7293FA0] SSDT BAEDE25F ZwTerminateProcess SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFile [0xB729514A] SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFileGather [0xB7294FB4] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9B99380, 0x346307, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 100015F1 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100015A0 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001534 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtCreateProcessEx 7C91D15E 1 Byte [E9] .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10001693 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 100015D6 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10009A00 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1000160C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100015BB C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1000104C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10001642 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001627 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1000156A C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1000107C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10009A80 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10001000 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 1000165D C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 100011EF C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100013D5 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001183 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001168 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001132 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100010E1 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 100010C6 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 100010FC C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1000114D C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001384 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1000139F C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1000120A C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001318 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 100012AC C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1000119E C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001276 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001225 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001240 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001333 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1000134E C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100012E2 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001291 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100012FD C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 100012C7 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1000125B C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100013BA C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001117 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 412697F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413640C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4136412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413641F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001441 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001426 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 100013F0 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 1000140B C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 413644F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 1000145C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 10001477 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ws2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 100014AD C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[792] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001492 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\WINDOWS\Explorer.EXE[1916] SHELL32.dll!SHFileOperationW 7E720924 5 Bytes JMP 00C31102 D:\Tools\Unlocker\UnlockerHook.dll .text C:\Programme\Comodo\Firewall\CPF.exe[2436] ntdll.dll!LdrLoadDll 7C9263C3 3 Bytes [FF, 25, 1E] .text C:\Programme\Comodo\Firewall\CPF.exe[2436] ntdll.dll!LdrLoadDll + 4 7C9263C7 2 Bytes [05, 5F] .text C:\Programme\Comodo\Firewall\CPF.exe[2436] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F08001E .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 100015F1 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100015A0 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001534 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtCreateProcessEx 7C91D15E 1 Byte [E9] .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10001693 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 100015D6 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10009A00 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1000160C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100015BB C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1000104C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10001642 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001627 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1000156A C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1000107C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10009A80 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10001000 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 1000165D C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 100011EF C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100013D5 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001183 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001168 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001132 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100010E1 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 100010C6 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 100010FC C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1000114D C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001384 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1000139F C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1000120A C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001318 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 100012AC C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1000119E C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001276 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001225 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001240 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001333 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1000134E C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100012E2 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001291 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100012FD C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 100012C7 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1000125B C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100013BA C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001117 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413640C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4136412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413641F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001441 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001426 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 100013F0 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 1000140B C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 1000145C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 10001477 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ws2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 100014AD C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001492 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 100015F1 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100015A0 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001534 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtCreateProcessEx 7C91D15E 1 Byte [E9] .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10001693 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 100015D6 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10009A00 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1000160C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100015BB C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1000104C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10001642 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001627 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1000156A C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1000107C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10009A80 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10001000 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 1000165D C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 100011EF C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100013D5 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001183 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001168 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001132 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100010E1 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 100010C6 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 100010FC C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1000114D C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001384 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1000139F C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1000120A C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001318 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 100012AC C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1000119E C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001276 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001225 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001240 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001333 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1000134E C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100012E2 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001291 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100012FD C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 100012C7 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1000125B C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100013BA C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001117 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 412697F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413640C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4136412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413641F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001441 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001426 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 100013F0 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 1000140B C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 413644F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 1000145C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 10001477 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ws2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 100014AD C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001492 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 100015F1 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 100015A0 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 10001534 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtCreateProcessEx 7C91D15E 1 Byte [E9] .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 10001693 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtDeleteFile 7C91D23E 5 Bytes JMP 100015D6 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtFreeVirtualMemory 7C91D38E 5 Bytes JMP 10009A00 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtLoadDriver 7C91D46E 5 Bytes JMP 1000160C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtOpenFile 7C91D59E 5 Bytes JMP 100015BB C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 1000104C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 10001642 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtUnloadDriver 7C91DEBE 5 Bytes JMP 10001627 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 1000156A C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 1000107C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!RtlAllocateHeap 7C9200C4 5 Bytes JMP 10009A80 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 10001000 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ntdll.dll!LdrGetProcedureAddress 7C927EA8 5 Bytes JMP 1000165D C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 100011EF C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100013D5 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001183 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001168 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001132 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100010E1 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 100010C6 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 100010FC C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1000114D C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001384 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1000139F C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1000120A C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001318 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 100012AC C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1000119E C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001276 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001225 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001240 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001333 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1000134E C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100012E2 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001291 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100012FD C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 100012C7 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1000125B C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100013BA C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001117 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 412697F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413640C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4136412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413641F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] SHELL32.dll!ShellExecuteExW 7E6B996B 5 Bytes JMP 10001441 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] SHELL32.dll!ShellExecuteEx 7E6F0EB5 5 Bytes JMP 10001426 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] SHELL32.dll!ShellExecuteA 7E6F11E0 5 Bytes JMP 100013F0 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] SHELL32.dll!ShellExecuteW 7E765D48 5 Bytes JMP 1000140B C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 413644F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 1000145C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 10001477 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ws2_32.dll!WSASocketW 71A1404E 7 Bytes JMP 100014AD C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 10001492 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BA91B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BA91B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BA91B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BA91B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BA91B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BA91B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BA91B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BA91B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BA91B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BA91B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BA91B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BA91B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BA91B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BA91B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BA91B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BA91B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA91B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA91B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA91B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BA91B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BA91B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BA91B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BA91B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [BA91B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [BA91B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [BA91B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [BA91B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[792] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT D:\Tools\gmer\szs02vnx.exe[1524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT D:\Tools\gmer\szs02vnx.exe[1524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT D:\Tools\gmer\szs02vnx.exe[1524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT D:\Tools\gmer\szs02vnx.exe[1524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02AB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02AB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02AB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02AB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\QuickCam\Quickcam.exe[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01882F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\QuickCam\Quickcam.exe[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01882CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\QuickCam\Quickcam.exe[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01882D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\QuickCam\Quickcam.exe[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01882CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[2856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[3896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[4040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Tcpip \Device\Udp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION ---- EOF - GMER 1.0.15 ---- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:09:13, on 28.11.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Avira\AntiVir Desktop\avmailc.exe C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\WINDOWS\system32\cjpcsc.exe C:\Programme\COMODO\Firewall\cmdagent.exe D:\Tools\CPU-Tester\CPUCooL\CooLSrv.exe C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\dtsrvc.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Logitech\QuickCam\Quickcam.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\COMODO\SafeSurf\cssurf.exe C:\WINDOWS\system32\nvsvc32.exe D:\Tools\SiSoftSandra\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Comodo\Firewall\CPF.exe C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HookManager.exe C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe D:\Tools\Unlocker\UnlockerAssistant.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\FRITZ!DSL\FwebProt.exe C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe D:\Programme\Office\Office\1031\msoffice.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\FRITZ!DSL\StCenter.EXE C:\WINDOWS\System32\svchost.exe c:\programme\avira\antivir desktop\avcenter.exe C:\Programme\Mozilla Thunderbird\thunderbird.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE D:\Tools\HijackThis\HJT.exe C:\Programme\Skype\Toolbars\Shared\SkypeNames.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.focus.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [DT LGE] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe -LGE O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programme\COMODO\SafeSurf\cssurf.exe" -s O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Tools\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: AutorunsDisabled O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe O4 - Startup: Microsoft Office Shortcut-Leiste (2).lnk = ? O4 - Global Startup: AutorunsDisabled O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all04.kundenserver.de/app/static/activex/msxml4.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\WINDOWS\system32\cjpcsc.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programme\COMODO\Firewall\cmdagent.exe O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\Tools\CPU-Tester\CPUCooL\CooLSrv.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing) O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\dtsrvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Programme\Common\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate1c98f6a8eee6224) (gupdate1c98f6a8eee6224) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\Tools\SiSoftSandra\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- End of file - 11974 bytes Uninstall List AcronisTrueImageHome Ad-Aware Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Ahnenblatt 2.56 ALF-BanCo 3 AMD Processor Driver Apple Software Update Ask Toolbar Avira AntiVir Premium AVM FRITZ!Box Dokumentation AVM FRITZ!DSL AVM FRITZ!fax Biet-O-Matic v2.4.1 Broadcast Partners Radix RDS 2 Canon iP4500 series Canon iP4500 series Benutzerregistrierung Canon PIXMA iP5000 CCleaner (remove only) COMODO Firewall Pro COMODO SafeSurf Corel Paint Shop Pro X CPUCooL (remove only) CQ100 cyberJack Base Components Defraggler (remove only) DMI Browse Dual-Core Optimizer EchoLink ElsterFormular 2007/2008 ElsterFormular 2008/2009 EPSON Scan EVEREST Home Edition v2.20 Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) forteManager Foxit PDF Editor Foxit PDF IFilter Foxit Reader FreeUndelete Google Earth Google Earth Plugin Google Toolbar for Firefox Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Google Update Helper HijackThis 2.0.2 Hotfix für Windows Internet Explorer 7 (KB947864) Hotfix für Windows XP (KB976098-v2) IrfanView (remove only) Java(TM) 6 Update 13 Logitech QuickCam Logitech QuickCam-Treiberpaket Malwarebytes' Anti-Malware Microsoft AutoRoute 2005 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Professional Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mozilla Firefox (3.5) Mozilla Thunderbird (2.0.0.23) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyHeritage Family Tree Builder Nero 8 neroxml OpenOffice.org 3.1 Paxon 2.00 PC Inspector File Recovery PC-Radio Express Personal Ancestral File 5 Picasa 3 Privoxy 3.0.6 QsoTV Realtek High Definition Audio Driver Samsung SF-370_CF-370 Series SDK Sicherheitsupdate für Windows Internet Explorer 7 (KB938127) Sicherheitsupdate für Windows Internet Explorer 7 (KB942615) Sicherheitsupdate für Windows Internet Explorer 7 (KB944533) Sicherheitsupdate für Windows Internet Explorer 7 (KB950759) Sicherheitsupdate für Windows Internet Explorer 7 (KB953838) Sicherheitsupdate für Windows Internet Explorer 7 (KB956390) Sicherheitsupdate für Windows Internet Explorer 7 (KB958215) Sicherheitsupdate für Windows Internet Explorer 7 (KB960714) Sicherheitsupdate für Windows Internet Explorer 7 (KB961260) Sicherheitsupdate für Windows Internet Explorer 8 (KB969897) Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) Sicherheitsupdate für Windows Internet Explorer 8 (KB972260) Sicherheitsupdate für Windows Internet Explorer 8 (KB974455) Sicherheitsupdate für Windows Media Player (KB954155) Sicherheitsupdate für Windows Media Player (KB968816) Sicherheitsupdate für Windows Media Player (KB973540) Sicherheitsupdate für Windows XP (KB956744) Sicherheitsupdate für Windows XP (KB956844) Sicherheitsupdate für Windows XP (KB958869) Sicherheitsupdate für Windows XP (KB960859) Sicherheitsupdate für Windows XP (KB961371) Sicherheitsupdate für Windows XP (KB961501) Sicherheitsupdate für Windows XP (KB968537) Sicherheitsupdate für Windows XP (KB969059) Sicherheitsupdate für Windows XP (KB969898) Sicherheitsupdate für Windows XP (KB969947) Sicherheitsupdate für Windows XP (KB970238) Sicherheitsupdate für Windows XP (KB971486) Sicherheitsupdate für Windows XP (KB971557) Sicherheitsupdate für Windows XP (KB971633) Sicherheitsupdate für Windows XP (KB971657) Sicherheitsupdate für Windows XP (KB973346) Sicherheitsupdate für Windows XP (KB973354) Sicherheitsupdate für Windows XP (KB973507) Sicherheitsupdate für Windows XP (KB973525) Sicherheitsupdate für Windows XP (KB973869) Sicherheitsupdate für Windows XP (KB974112) Sicherheitsupdate für Windows XP (KB974571) Sicherheitsupdate für Windows XP (KB975025) Sicherheitsupdate für Windows XP (KB975467) SiSoftware Sandra Lite XII.SP2c Skype web features Skype™ 4.1 Spybot - Search & Destroy System Requirements Lab Tor 0.2.0.30 Turbo Lister 2 Unlocker 1.8.5 Update für Windows Internet Explorer 8 (KB968220) Update für Windows XP (KB968389) Update für Windows XP (KB973687) Update für Windows XP (KB973815) VCRedistSetup verwandt.de - Home Edition 1.01 Vidalia 0.1.8 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Service Pack 3 WinRAR |
|
|
||
28.11.2009, 20:34
Ehrenmitglied
Beiträge: 6028 |
#6
CombiFix entfernen
Start > Ausführen> Kopiere rein combofix /uninstall OK Entferne auf C:\combofix.txt Entferne auf C:\combofix Entferne C:\Dokumente und Einstellungen\HS\Lokale Einstellungen\Temporary Internet Files\Content.IE5\IV5BSFRB\ CleanUP (by stevengould.org) Nicht fuer Windows Vista Anleitung: http://www.virus-protect.org/cleanup.html Wenn man CleanUp weiter benutzen will das haeckchen bei Delete Prefetch files entfernen! Starte dein Rechner neu Entferne via Software Ask Toolbar Update Java http://board.protecus.de/t32385.htm Scanne mit SuperAntSpyware(Online) http://board.protecus.de/t38113.htm __________ MfG Argus |
|
|
||
30.11.2009, 12:50
...neu hier
Themenstarter Beiträge: 7 |
#7
Hallo Argus,
ich habe die vorgenannten Maßnahmen durchgeführt, leider ist das Virus immer noch da. Werde jetzt das Betriebssystem neu aufspielen. Das dauert zwar, bis alles wieder installiert ist, aber dann wird wohl hoffentlich Ruhe sein. Vielen Dank nochmal für die Unterstützung. Gruß Rolf |
|
|
||
30.11.2009, 17:23
Ehrenmitglied
Beiträge: 6028 |
||
|
||
30.11.2009, 19:32
...neu hier
Themenstarter Beiträge: 7 |
#9
MalAware - Version 30.11.2009 15:45:51
Letztes Update: 30.11.2009 15:45:51 Scan Einstellungen: Scan Methode: Schneller Scan Objekte: Speicher, Traces Säuberung: Aus Scan Beginn: 30.11.2009 19:04:03 HKEY_LOCAL_MACHINE\software\Classes\IMsiDe1egate.Application.1 AskTBar Gescannt Dateien: 461 Traces: 46890 Cookies: 0 Prozesse: 58 Gefunden Dateien: 0 Traces: 1 Cookies: 0 Prozesse: 0 Scan Ende: 30.11.2009 19:04:25 Scan Zeit: 00:00:22 |
|
|
||
30.11.2009, 20:57
Ehrenmitglied
Beiträge: 6028 |
||
|
||
01.12.2009, 11:24
...neu hier
Themenstarter Beiträge: 7 |
#11
a-squared Free - Version 4.5
Letztes Update: 01.12.2009 09:31:52 Scan Einstellungen: Scan Methode: Eigener Scan Objekte: Speicher, Traces, Cookies, C:\, D:\, E:\ Archiv Scan: An Heuristik: An ADS Scan: An Scan Beginn: 01.12.2009 10:30:22 C:\Dokumente und Einstellungen\HS\Cookies\hs@doubleclick[2].txt gefunden: Trace.TrackingCookie.doubleclick!A2 C:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll gefunden: Riskware.WebToolbar.Win32.MyWebSearch.ek!A2 Gescannt Dateien: 265989 Traces: 658155 Cookies: 177 Prozesse: 54 Gefunden Dateien: 1 Traces: 0 Cookies: 1 Prozesse: 0 Registry Keys: 0 Scan Ende: 01.12.2009 11:18:38 Scan Zeit: 0:48:16 C:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll Gelöscht Riskware.WebToolbar.Win32.MyWebSearch.ek!A2 C:\Dokumente und Einstellungen\HS\Cookies\hs@doubleclick[2].txt Gelöscht Trace.TrackingCookie.doubleclick!A2 Gelöscht Dateien: 1 Traces: 0 Cookies: 1 AntiVir Premium meldet weiterhin: In der Datei 'C:\Dokumente und Einstellungen\HS\Lokale Einstellungen\Temporary Internet Files\Content.IE5\J6E0M1MQ\thickbox-min-min.09.47.1-f0af8f35097cd639b1017afb7bf1e92b[1].js' wurde ein Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic] gefunden. Ausgeführte Aktion: Datei in Quarantäne verschieben Dieser Beitrag wurde am 01.12.2009 um 11:32 Uhr von Rolf.S editiert.
|
|
|
||
Gruß Rolf
Hier der Scan von Malwarebytes:
27.11.2009 10:05:33
mbam-log-2009-11-27 (10-05-27).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 103695
Laufzeit: 2 minute(s), 33 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
hier das Log von Combofix:
ComboFix 09-11-26.02 - HS 27.11.2009 10:42.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1439 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\HS\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1670584178-3124717995-3242443491-1000
c:\$recycle.bin\S-1-5-21-3586727027-282984535-4070597817-1000
c:\dokumente und einstellungen\HS\Eigene Dateien\Reg-Sicherung-9.08.reg
c:\programme\IEToolbar
c:\windows\system32\clrviddc.dll
c:\windows\TEMP\logishrd\LVPrcInj06.dll
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((( Dateien erstellt von 2009-10-27 bis 2009-11-27 ))))))))))))))))))))))))))))))
.
2009-11-27 09:01 . 2009-11-27 09:01 -------- d-----w- c:\dokumente und einstellungen\HS\Anwendungsdaten\Malwarebytes
2009-11-27 09:01 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 09:01 . 2009-11-27 09:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-11-27 09:01 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 13:49 . 2009-11-26 13:49 -------- d-----w- c:\dokumente und einstellungen\HS\Anwendungsdaten\Avira
2009-11-26 13:39 . 2009-11-26 13:39 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü
2009-11-26 13:39 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-26 13:39 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-26 13:39 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-26 13:39 . 2009-11-26 13:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-11-26 13:39 . 2009-11-26 13:39 -------- d-----w- c:\programme\Avira
2009-11-25 12:43 . 2009-11-25 13:44 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Temp
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-27 09:39 . 2008-02-10 08:53 -------- d-----w- c:\dokumente und einstellungen\HS\Anwendungsdaten\FRITZ!
2009-11-26 19:11 . 2008-02-15 14:10 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-11-26 18:15 . 2008-02-09 09:15 -------- d-----w- c:\programme\Mozilla Thunderbird
2009-11-26 12:09 . 2008-02-18 18:35 1246752 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-11-25 13:45 . 2006-02-28 12:00 49226 ----a-w- c:\windows\system32\perfc007.dat
2009-11-25 13:45 . 2006-02-28 12:00 318436 ----a-w- c:\windows\system32\perfh007.dat
2008-06-02 17:25 . 2008-06-02 17:25 42078 ----a-w- c:\programme\Scherpe.ged
2008-09-23 08:29 . 2008-09-23 08:29 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 14:20 279944 ----a-w- c:\programme\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-26 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"LogitechQuickCamRibbon"="c:\programme\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"DT LGE"="c:\programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 81920]
"COMODO SafeSurf"="c:\programme\COMODO\SafeSurf\cssurf.exe" [2008-09-12 278264]
"COMODO Firewall Pro"="c:\programme\Comodo\Firewall\CPF.exe" [2008-10-08 1115728]
"amd_dc_opt"="c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"Ad-Watch"="c:\programme\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-19 518488]
"AcronisTimounterMonitor"="c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1966928]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"UnlockerAssistant"="d:\tools\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\HS\Startmen\Programme\Autostart\
FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384]
Microsoft Office Shortcut-Leiste (2).lnk - c:\windows\Installer\{00010407-78E1-11D2-B60F-006097C998E7}\misc.exe [2008-2-11 28160]
c:\dokumente und einstellungen\HS\Startmen\Programme\Autostart\AutorunsDisabled
Office-Start.lnk - d:\programme\Office\Office\OSA.EXE [1996-12-14 51984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
"c:\\Programme\\K1RFD\\EchoLink\\EchoLink.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Tools\\SiSoftSandra\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"d:\\Tools\\SiSoftSandra\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23.02.2009 15:47 64160]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [09.02.2008 18:07 14949]
R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [12.04.2008 16:40 11392]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [26.11.2009 14:39 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [26.11.2009 14:39 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [26.11.2009 14:39 434945]
R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [09.02.2008 18:07 652592]
R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 10:14 87344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 22:34 1003344]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\tools\SiSoftSandra\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [14.06.2008 10:05 98488]
S2 gupdate1c98f6a8eee6224;Google Update Service (gupdate1c98f6a8eee6224);c:\programme\Google\Update\GoogleUpdate.exe [15.02.2009 13:39 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.03.2009 10:27 1684736]
S3 AMDMSRIO;AMDMSRIO;\??\c:\dokume~1\HS\LOKALE~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys --> c:\dokume~1\HS\LOKALE~1\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys [?]
S3 cjusb;REINER SCT cyberJack pinpad/e-com USB;c:\windows\system32\drivers\cjusb.sys [09.02.2008 17:19 23040]
S3 DualCoreCenter;DualCoreCenter;\??\d:\tools\MSI-Live Update\DualCoreCenter_MB\DualCoreCenter\NTGLM7X.sys --> d:\tools\MSI-Live Update\DualCoreCenter_MB\DualCoreCenter\NTGLM7X.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\programme\Common\Database\bin\fbserver.exe [21.02.2008 17:02 1527900]
S3 GrabsterSeries.X86;Grabster Series, Service X86;c:\windows\system32\drivers\GrabsterSeries.X86.SYS [21.02.2008 16:58 253824]
S3 RushTopDevice2;RushTopDevice2;\??\d:\tools\MSI-Live Update\DualCoreCenter_MB\DualCoreCenter\RushTop.sys --> d:\tools\MSI-Live Update\DualCoreCenter_MB\DualCoreCenter\RushTop.sys [?]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [08.02.2008 19:51 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Inhalt des "geplante Tasks" Ordners
2009-08-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:24]
2009-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-15 12:39]
2009-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-15 12:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.focus.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Zur Filterliste hinzufügen (WebWasher)
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
LSP: c:\programme\FRITZ!DSL\\sarah.dll
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\dokumente und einstellungen\HS\Anwendungsdaten\Mozilla\Firefox\Profiles\dbwy6dut.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.focus.de/|http://www.focus.de/
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: d:\programme\Picasa\Google\Picasa3\npPicasa2.dll
FF - plugin: d:\programme\Picasa\Google\Picasa3\npPicasa3.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
AddRemove-Ad-Aware - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-MediaNavigation.CDLabelPrint - d:\treiber\IP4500\CD-LabelPrint\Uninstal.exe Canon.CDLabelPrint.Application
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-RealPlayer 6.0 - c:\programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-27 10:48
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="E7615FA8357087ED77B7E5BF2D324D8 "
"OODEFRAG11.00.00.01WORKSTATION"="436323B346E930C77B0A5BB7A34CFBE
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\relog_ap.dll
c:\programme\Avira\AntiVir Desktop\avsda.dll
c:\programme\FRITZ!DSL\sarah.dll
c:\programme\FRITZ!DSL\block.dll
- - - - - - - > 'explorer.exe'(1228)
d:\tools\Unlocker\UnlockerHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Avira\AntiVir Desktop\avsda.dll
c:\programme\FRITZ!DSL\sarah.dll
c:\programme\FRITZ!DSL\block.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Portrait Displays\forteManager\DTHtml.exe
c:\programme\Gemeinsame Dateien\Portrait Displays\Shared\HookManager.exe
c:\programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
d:\programme\Office\Office\1031\msoffice.exe
c:\programme\FRITZ!DSL\StCenter.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-11-27 10:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-11-27 09:51
Vor Suchlauf: 11 Verzeichnis(se), 53.130.682.368 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 53.509.324.800 Bytes frei
- - End Of File - - 86F6CFFBC59E933748C74B13614E7A22