
Pests of all kinds and how to combat them: Trojan / malware? Mail account sent spam mails


 
01.06.2012, 12:37   #1
28missi
 



Hello everyone!

I'm slowly getting desperate. I had caught a trojan, Rootkit.gen.
Then I also had worm32. I removed everything. I was running Avira at the time. I have now switched to Zone Alarm in the hope that, with a good firewall, I won't catch any new threats in the first place.
Now my mail account at web.de sent spam mails last night.
Were the old ones still active after all? Why didn't Zone Alarm find anything?

Here is the log data. OTL logfile:
Code:
OTL logfile created on: 01.06.2012 09:05:00 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Dokumente und Einstellungen\test\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,24 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 64,26% Memory free
1,83 Gb Paging File | 1,37 Gb Available in Paging File | 74,61% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,25 Gb Total Space | 24,82 Gb Free Space | 66,63% Space Free | Partition Type: NTFS
 
Computer Name: TEST-101EE4A811 | User Name: test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.01 09:04:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\test\Desktop\OTL.exe
PRC - [2011.08.10 13:53:16 | 002,419,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011.08.10 13:31:08 | 000,072,848 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.07.25 15:00:58 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.07.25 15:00:56 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011.07.22 09:49:26 | 000,511,920 | ---- | M] (REINER SCT) -- C:\WINDOWS\system32\cjpcsc.exe
PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.02.18 17:44:15 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003.09.08 15:48:26 | 000,065,536 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe
PRC - [2003.09.04 15:46:02 | 000,040,960 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2003.06.25 10:53:30 | 000,204,800 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2003.05.12 14:28:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2002.11.25 19:23:20 | 000,172,032 | ---- | M] (Agere Systems) -- C:\Programme\ltmoh\ltmoh.exe
PRC - [1997.10.18 00:00:00 | 000,051,984 | ---- | M] () -- C:\Programme\Microsoft Office\Office\OSA.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.05.31 09:38:16 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\SerialXP.dll
MOD - [2003.09.08 15:48:26 | 000,065,536 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe
MOD - [2003.05.12 14:28:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
MOD - [1997.10.18 00:00:00 | 003,782,416 | ---- | M] () -- C:\Programme\Microsoft Office\Office\MSO97.DLL
MOD - [1997.10.18 00:00:00 | 000,051,984 | ---- | M] () -- C:\Programme\Microsoft Office\Office\OSA.EXE
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\eeufail.dll -- (mggmh)
SRV - [2012.05.06 15:42:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.12.07 15:00:34 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\WINDOWS\system32\UpdSvc.dll -- (Update-Service)
SRV - [2011.08.10 13:53:16 | 002,419,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.07.25 15:00:58 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.07.22 09:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto | Running] -- C:\WINDOWS\system32\cjpcsc.exe -- (cjpcsc)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 14:00:00 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 14:00:00 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 14:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008.04.14 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 14:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Wbutton.sys -- (Wbutton)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\23.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\test\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2011.08.10 13:31:08 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011.07.25 15:00:52 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.03.29 13:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cjusb.sys -- (cjusb)
DRV - [2010.11.06 14:11:12 | 000,035,008 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010.10.14 17:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010.10.14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010.09.21 16:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008.11.25 10:49:44 | 000,040,960 | R--- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rts5161ccid.sys -- (USBCCID)
DRV - [2008.04.14 14:00:00 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.14 14:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008.04.14 14:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008.04.14 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2007.05.31 09:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006.04.28 17:26:46 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006.04.28 17:25:44 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006.04.28 17:25:40 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006.04.28 17:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2005.12.21 05:32:56 | 000,029,152 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb2vcom.sys -- (usb2vcom)
DRV - [2005.09.19 03:07:00 | 000,035,275 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwkUsb2K.sys -- (CHIPDRIVE USB SmartCardReader)
DRV - [2004.08.25 15:06:00 | 000,185,611 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TWKSER2K.sys -- (TWKSER2K)
DRV - [2004.01.02 20:52:00 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003.07.15 02:33:26 | 000,111,168 | ---- | M] (Applied Drivers Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cwawdm.sys -- (cs429x)
DRV - [2003.05.07 04:46:38 | 000,026,240 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wbsd.sys -- (WBSD) Winbond Secure Digital Storage (SD/MMC)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [2003.04.24 02:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TWKMS.sys -- (TwkMs)
DRV - [2003.04.16 02:04:18 | 000,030,464 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wbms.sys -- (WBMS) Winbond Memory Stick Storage (MS)
DRV - [2003.02.14 20:59:14 | 001,169,792 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002.12.17 21:41:36 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie8_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?PC=BNHP
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{02DC2E6A-4707-456F-AE7A-CB12C4CC1787}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tl=gbn193052&tt=050412_30b&babsrc=SP_ss&mntrId=4c9fa22b000000000000000e356ecbd5
IE - HKCU\..\SearchScopes\{1BD30256-1263-4BDE-BA34-98DBBBA3AFC4}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{28A90140-3C17-454D-A26D-F38EC69C483F}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{75E3E68F-CE3C-4387-9EC3-BC67702BB0FE}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{7D3489F0-9553-4BDD-8299-CB1A8C3E85F5}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{BB47DE44-9AA3-4E82-AE9E-06732B7DDB4E}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{EBC4F45B-0875-4BC2-99AB-5FCDB9A8F578}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {fd639891-5cc6-45ae-9055-a7a6abb5a7a9}:1.2.12.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&tl=gbn193052&tt=050412_30b&babsrc=KW_ss&mntrId=4c9fa22b000000000000000e356ecbd5&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.688: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.688: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.688: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.02.18 17:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.05.09 14:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.01 15:30:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.12 14:00:13 | 000,000,000 | ---D | M]
 
[2010.02.12 16:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Extensions
[2010.02.12 16:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.30 14:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\extensions
[2011.07.23 14:22:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.30 14:18:24 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.12.10 10:20:04 | 000,000,000 | ---D | M] (Santander Chipcard Plugin) -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\extensions\{fd639891-5cc6-45ae-9055-a7a6abb5a7a9}
[2011.12.19 21:56:47 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\searchplugins\11-suche.xml
[2011.10.13 17:19:44 | 000,000,855 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\searchplugins\1und1-suche.xml
[2011.10.10 15:27:30 | 000,001,281 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\searchplugins\amazondotcom-de.xml
[2011.10.10 14:59:22 | 000,002,364 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\searchplugins\eBay-de.xml
[2011.12.19 21:56:47 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\searchplugins\englische-ergebnisse.xml
[2011.10.13 17:01:56 | 000,010,507 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\searchplugins\gmx-suche.xml
[2011.10.10 15:12:38 | 000,002,385 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\searchplugins\lastminute.xml
[2011.10.13 17:34:10 | 000,002,248 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\searchplugins\mailcom-search.xml
[2011.10.13 15:07:08 | 000,005,490 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Mozilla\Firefox\Profiles\605jkkz1.default\searchplugins\webde-suche.xml
[2012.05.01 15:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.01 15:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.05.01 15:30:14 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.01.22 17:10:05 | 000,138,614 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\TEST\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\605JKKZ1.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2008.09.15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npsnapfish.dll
[2007.04.11 07:17:00 | 000,954,368 | ---- | M] (PPI Financial Systems GmbH) -- C:\Programme\mozilla firefox\plugins\NP_SEBChipcardPlugin.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.05 20:49:12 | 000,002,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.17 22:50:18 | 000,441,479 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.1001-search.info
O1 - Hosts: 127.0.0.1    1001-search.info
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 15212 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe (Wistron)
O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VR-NetWorld Auftragsprüfung.lnk = C:\Programme\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A88DECB-188B-4A64-80E9-CE5FEB4BB59D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.17 16:08:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 09:04:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\test\Desktop\OTL.exe
[2012.06.01 08:43:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\test\Desktop\HiJackThis204.exe
[2012.06.01 07:18:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\test\Recent
[2012.06.01 07:01:32 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\test\Desktop\ccsetup319.exe
[2012.05.21 20:34:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Downloads
[2012.05.09 13:58:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky SDK
[2012.05.09 13:49:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Eigene Dateien\ForceField Shared Files
[2012.05.09 13:48:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\CheckPoint
[2012.05.09 13:48:35 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2012.05.09 13:48:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit
[2012.05.09 13:48:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Lokale Einstellungen\Anwendungsdaten\Conduit
[2012.05.09 13:48:28 | 000,000,000 | ---D | C] -- C:\Programme\ZoneAlarm-Sicherheit
[2012.05.09 13:46:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point
[2012.05.09 13:46:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012.05.09 13:45:53 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2012.05.09 13:20:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012.05.08 13:39:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\test\Desktop\Lokale Einstellungen
[2012.05.07 14:32:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\FastStone
[2012.05.07 14:32:52 | 000,000,000 | ---D | C] -- C:\Programme\FastStone Capture
[2012.05.07 14:32:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FastStone Capture
[2012.01.23 11:35:11 | 039,401,336 | ---- | C] (Apple Inc.) -- C:\Programme\QuickTimeInstaller.exe
[2011.12.07 14:58:44 | 000,541,544 | ---- | C] (JooSoft GmbH) -- C:\Programme\7z920.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.01 09:04:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\test\Desktop\OTL.exe
[2012.06.01 09:02:06 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\test\defogger_reenable
[2012.06.01 09:01:44 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\Defogger.exe
[2012.06.01 08:57:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.01 08:43:21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\test\Desktop\HiJackThis204.exe
[2012.06.01 08:40:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.01 08:13:10 | 000,001,452 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\message-rfc822-attachment.eml
[2012.06.01 08:08:43 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1993962763-1957994488-1003.job
[2012.06.01 08:08:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.01 08:08:19 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.01 07:14:17 | 000,278,352 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Eigene Dateien\cc_20120601_071402.reg
[2012.06.01 07:04:06 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Desktop\CCleaner.lnk
[2012.06.01 07:02:47 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\test\Desktop\ccsetup319.exe
[2012.05.31 08:36:04 | 000,010,726 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Eigene Dateien\VR-NetWorld.pdf
[2012.05.30 18:29:15 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1993962763-1957994488-1003.job
[2012.05.21 20:35:27 | 000,000,022 | ---- | M] () -- C:\Dokumente und Einstellungen\test\Desktop\ausmalbild_kostenlos.zip
[2012.05.09 19:37:24 | 000,479,376 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.09 19:37:24 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.09 19:37:24 | 000,092,732 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.09 19:37:24 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.09 13:57:51 | 000,415,771 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.05.07 14:32:52 | 000,000,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Desktop\FastStone Capture.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.01 09:02:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\test\defogger_reenable
[2012.06.01 09:01:40 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\Defogger.exe
[2012.06.01 08:13:06 | 000,001,452 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\message-rfc822-attachment.eml
[2012.06.01 08:08:19 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.01 07:14:11 | 000,278,352 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Eigene Dateien\cc_20120601_071402.reg
[2012.05.21 20:34:54 | 000,000,022 | ---- | C] () -- C:\Dokumente und Einstellungen\test\Desktop\ausmalbild_kostenlos.zip
[2012.05.09 13:49:13 | 000,415,771 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.05.07 14:32:52 | 000,000,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Desktop\FastStone Capture.lnk
[2012.02.15 14:11:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.03 11:56:09 | 000,000,595 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.01.02 20:03:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.02 20:03:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.02 20:03:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.02 20:03:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.02 20:03:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.02 17:56:26 | 000,103,981 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2012.01.02 17:56:26 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2011.12.21 15:02:26 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ParrotFlashWiz.INI
[2011.10.29 12:58:18 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SerialXP.dll
[2011.10.29 12:58:18 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\win32com.dll
[2011.10.09 10:54:17 | 000,000,364 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.10.05 18:24:07 | 000,001,296 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2010.09.21 17:42:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\SymSMR130.dat
 
========== LOP Check ==========
 
[2011.12.06 22:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\adisoft AG
[2011.12.07 15:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2010.02.04 22:53:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2012.03.19 15:57:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2012.05.09 13:46:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012.01.20 16:14:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2012.05.09 13:58:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky SDK
[2010.02.07 16:28:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2009.04.25 10:25:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.10.29 12:58:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REINER SCT
[2012.01.20 17:26:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\1&1 Mail & Media GmbH
[2009.11.24 18:46:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\ACD Systems
[2012.01.03 12:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Buhl Data Service
[2012.05.09 13:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\CheckPoint
[2011.07.07 07:05:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Image Zone Express
[2010.02.05 10:03:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Lexware
[2009.09.29 14:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\MyPhoneExplorer
[2010.09.18 09:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\OpenOffice.org
[2011.12.11 17:14:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Teleca
[2010.02.12 16:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\test\Anwendungsdaten\Thunderbird
[2010.05.22 23:14:13 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Install.job
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 01.06.2012 09:05:00 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Dokumente und Einstellungen\test\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,24 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 64,26% Memory free
1,83 Gb Paging File | 1,37 Gb Available in Paging File | 74,61% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,25 Gb Total Space | 24,82 Gb Free Space | 66,63% Space Free | Partition Type: NTFS
 
Computer Name: TEST-101EE4A811 | User Name: test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9660:TCP" = 9660:TCP:*:Enabled:rrfhsf
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 30
"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4886533F-EA40-40DC-B1BB-B13BF22B3CD1}" = ZoneAlarm Firewall
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA898D01-D4E3-43C6-8E25-70CA660B9F16}" = CHIPDRIVE extern/intern/micro treiber 3.1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4B76E93-3FC2-4E90-81EE-EE62948CFB03}" = Sony Ericsson Mobile Phone Monitor
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.1.0
"{ED9A325D-9622-4FD0-A731-73D23C6265F3}" = CapMan
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.26
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F32E8EE8-83AD-4553-B2F8-CBFB3ABDC179}" = ZoneAlarm Antivirus
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F50D4138-E662-4CFE-B297-5E8BF80A797E}" = ZoneAlarm Security
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"CCleaner" = CCleaner
"Excel" = Microsoft Excel 97
"FastStone Capture" = FastStone Capture 5.3
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Parrot Flash Update Wizard" = Parrot Software Update Tool
"Pocoyo Hot Season Screensaver" = Pocoyo Hot Season Screensaver
"RealPlayer 12.0" = RealPlayer
"Word8.0" = Microsoft Word 97
"ZoneAlarm Antivirus" = ZoneAlarm Antivirus
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2012 00:36:56 | Computer Name = TEST-101EE4A811 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 01.06.2012 00:36:56 | Computer Name = TEST-101EE4A811 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 01.06.2012 00:43:22 | Computer Name = TEST-101EE4A811 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 01.06.2012 00:43:23 | Computer Name = TEST-101EE4A811 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 01.06.2012 00:55:03 | Computer Name = TEST-101EE4A811 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 01.06.2012 00:55:03 | Computer Name = TEST-101EE4A811 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 01.06.2012 02:09:11 | Computer Name = TEST-101EE4A811 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 01.06.2012 02:09:11 | Computer Name = TEST-101EE4A811 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 01.06.2012 02:13:59 | Computer Name = TEST-101EE4A811 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 01.06.2012 02:13:59 | Computer Name = TEST-101EE4A811 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
[ System Events ]
Error - 01.06.2012 00:36:34 | Computer Name = TEST-101EE4A811 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
 
Error - 01.06.2012 00:36:35 | Computer Name = TEST-101EE4A811 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2
 
Error - 01.06.2012 00:36:35 | Computer Name = TEST-101EE4A811 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Driver Installer" wurde mit folgendem Fehler beendet: 
%%126
 
Error - 01.06.2012 00:36:58 | Computer Name = TEST-101EE4A811 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2
 
Error - 01.06.2012 00:36:58 | Computer Name = TEST-101EE4A811 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
 
Error - 01.06.2012 02:08:51 | Computer Name = TEST-101EE4A811 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
 
Error - 01.06.2012 02:08:52 | Computer Name = TEST-101EE4A811 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2
 
Error - 01.06.2012 02:08:52 | Computer Name = TEST-101EE4A811 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Driver Installer" wurde mit folgendem Fehler beendet: 
%%126
 
Error - 01.06.2012 02:09:18 | Computer Name = TEST-101EE4A811 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2
 
Error - 01.06.2012 02:09:18 | Computer Name = TEST-101EE4A811 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
 
 
< End of report >
         
--- --- ---
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-01 13:06:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4025GAS rev.KA100A
Running: omm346gc.exe; Driver: C:\DOKUME~1\test\LOKALE~1\Temp\kfryyaob.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB0F0266E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwClose [0xB0F02F02]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB0DD02F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateEvent [0xB0F037D0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB0DCA5CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB0DE958A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateMutant [0xB0F036A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB0F02274]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB0DD0A80]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB0DE3E4E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB0DE423C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB0DED6F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB0F03902]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB0F0558C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateThread [0xB0F02BA0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB0DD0BB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB0F04F36]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB0DCB1E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB0DEAE3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB0DEA7B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB0F03178]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB0DE2D8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateKey [0xB0F01FAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB0F02056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwFsControlFile [0xB0F02F84]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xB0DC5E88]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB0DEB794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB0DEB99C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xB0DEDA5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB0F021A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenEvent [0xB0F03872]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB0DCADF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenKey [0xB0F016BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenMutant [0xB0F03740]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB0DE6160]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSection [0xB0F055B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB0F039A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB0DE5D8A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwProtectVirtualMemory [0xB0DFA090]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryKey [0xB0F02100]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB0F01D28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQuerySection [0xB0F05958]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryValueKey [0xB0F01978]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueueApcThread [0xB0F052A6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB0DEC72A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB0DEC060]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyPort [0xB0F03D2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB0F03BF4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB0DCFEC4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB0DED0FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwResumeThread [0xB0F05E30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSaveKey [0xB0F0132A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB0DD059C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetContextThread [0xB0F02DBE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB0DCB5A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationObject [0xB0DF9F7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetInformationToken [0xB0F04586]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB0DECC6A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xB0DC5648]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB0DE9F72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendProcess [0xB0F05B7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendThread [0xB0F05CA4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB0DE4EA4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB0DE4C20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwTerminateThread [0xB0F02956]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xB0DC629C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB0F0580E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB0F02AE0]
 
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) IoIsOperationSynchronous
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [80, 0A, DD, B0, 4E, 3E, DE, ...] {OR BYTE [EDX], 0xdd; MOV AL, 0x4e; FIDIV WORD DS:[EAX-0x4f21bdc4]}
.text ntoskrnl.exe!_abnormal_termination + 114 804E2780 16 Bytes [F6, D6, DE, B0, 02, 39, F0, ...]
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [88, 5E, DC, B0, 94, B7, DE, ...]
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 16 Bytes [2A, C7, DE, B0, 60, C0, DE, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [7C, 5B, F0, B0, A4, 5C, F0, ...]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E876A 5 Bytes JMP B0EF7382 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512969 5 Bytes JMP B0EF6FA8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab)
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\WINDOWS\system32\igfxtray.exe[232] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[232] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[232] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[232] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[232] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[232] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[232] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\igfxtray.exe[232] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[316] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[316] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[316] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[316] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[316] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[316] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[316] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\AGRSMMSG.exe[316] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[364] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[364] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[364] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[364] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[364] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[428] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[428] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[428] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[428] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[480] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[480] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[480] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[480] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[480] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 209F37DD C:\Programme\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[480] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[480] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[480] USER32.dll!DefDlgProcW + 56E 7E3742A8 5 Bytes JMP 20CB9270 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cjpcsc.exe[548] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cjpcsc.exe[548] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cjpcsc.exe[548] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cjpcsc.exe[548] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cjpcsc.exe[548] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cjpcsc.exe[548] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cjpcsc.exe[548] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\cjpcsc.exe[548] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[632] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[632] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[632] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[632] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[632] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[632] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[632] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[632] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[728] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[728] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[728] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[728] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[728] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[728] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[728] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[728] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[912] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[912] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[912] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1092] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1092] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1092] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1092] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1092] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1092] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1092] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\hkcmd.exe[1092] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[1140] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[1140] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[1140] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[1140] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[1140] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1148] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1148] USER32.dll!DefDlgProcW + 56E 7E3742A8 5 Bytes JMP 20CB9270 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\HPZipm12.exe[1428] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\HPZipm12.exe[1428] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\HPZipm12.exe[1428] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\HPZipm12.exe[1428] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\HPZipm12.exe[1428] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\HPZipm12.exe[1428] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\HPZipm12.exe[1428] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\HPZipm12.exe[1428] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1472] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1472] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1564] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\ltmoh\Ltmoh.exe[1816] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\ltmoh\Ltmoh.exe[1816] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\ltmoh\Ltmoh.exe[1816] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\ltmoh\Ltmoh.exe[1816] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\ltmoh\Ltmoh.exe[1816] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\ltmoh\Ltmoh.exe[1816] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\ltmoh\Ltmoh.exe[1816] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\ltmoh\Ltmoh.exe[1816] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\SCardSvr.exe[2032] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\SCardSvr.exe[2032] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\SCardSvr.exe[2032] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\SCardSvr.exe[2032] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\SCardSvr.exe[2032] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\SCardSvr.exe[2032] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\SCardSvr.exe[2032] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\SCardSvr.exe[2032] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2148] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2148] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2148] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2148] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2148] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2148] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2148] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2148] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\LaunchAp.exe[2200] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\LaunchAp.exe[2200] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\LaunchAp.exe[2200] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\LaunchAp.exe[2200] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\LaunchAp.exe[2200] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\LaunchAp.exe[2200] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\LaunchAp.exe[2200] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\LaunchAp.exe[2200] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\HotkeyApp.exe[2344] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\HotkeyApp.exe[2344] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\HotkeyApp.exe[2344] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\HotkeyApp.exe[2344] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\HotkeyApp.exe[2344] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\HotkeyApp.exe[2344] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\HotkeyApp.exe[2344] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\HotkeyApp.exe[2344] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\OSD.exe[2504] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\OSD.exe[2504] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\OSD.exe[2504] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\OSD.exe[2504] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\OSD.exe[2504] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\OSD.exe[2504] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\OSD.exe[2504] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\OSD.exe[2504] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\Wbutton.exe[2572] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\Wbutton.exe[2572] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\Wbutton.exe[2572] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\Wbutton.exe[2572] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\Wbutton.exe[2572] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\Wbutton.exe[2572] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\Wbutton.exe[2572] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Launch Manager\Wbutton.exe[2572] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2672] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2672] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2672] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2672] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2672] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2672] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2672] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[2672] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2760] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2760] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2760] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2760] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2760] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2760] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2760] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2760] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZoneAlarm\zatray.exe[2928] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZoneAlarm\zatray.exe[2928] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZoneAlarm\zatray.exe[2928] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZoneAlarm\zatray.exe[2928] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZoneAlarm\zatray.exe[2928] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZoneAlarm\zatray.exe[2928] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZoneAlarm\zatray.exe[2928] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZoneAlarm\zatray.exe[2928] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2952] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2952] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2952] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2952] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2952] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2952] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2952] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2952] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Microsoft Office\Office\OSA.EXE[3088] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Microsoft Office\Office\OSA.EXE[3088] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Microsoft Office\Office\OSA.EXE[3088] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Microsoft Office\Office\OSA.EXE[3088] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Microsoft Office\Office\OSA.EXE[3088] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Microsoft Office\Office\OSA.EXE[3088] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Microsoft Office\Office\OSA.EXE[3088] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Microsoft Office\Office\OSA.EXE[3088] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\test\Desktop\omm346gc.exe[3432] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\test\Desktop\omm346gc.exe[3432] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\test\Desktop\omm346gc.exe[3432] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\test\Desktop\omm346gc.exe[3432] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\test\Desktop\omm346gc.exe[3432] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\test\Desktop\omm346gc.exe[3432] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\test\Desktop\omm346gc.exe[3432] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\test\Desktop\omm346gc.exe[3432] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3512] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3512] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3512] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3512] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3512] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3512] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[3512] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
 
---- Devices - GMER 1.0.15 ----
 
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---

I hope I haven't forgotten anything. How do I proceed?

Thanks in advance

 
