| |  Zone Alarm Antivirus findet Trojaner (mor.exe) - weiteres Vorgehen
 Hallo,
Zone Alarm Antivirus Vers 8.2.11.97 hat letzte Woche auf meinem XP Professional System (SP3 mit aktuellsten Updates) eine als Trojaner identifizierte Datei (Trojan_Rqansom.Win32.Birele.wxx) an folgendem Pfad C:\DundE\Jens\LokEinst\Temp\mor.exe gefunden. Die mor.exe wurde in Quarantäne verschoben.
Meine Frage ist was ich weiter zu unternehmen habe, damit mein Rechner sicher genutzt werden kann.
Ich habe im Netz schon gelesen, dass der mor.exe kein all zu schlimmer Trojaner sein soll. Bin immer wieder auf BKA Bezeichnungen gestoßen. Auf meinem Rechner sind keinerlei Auffälligkeiten aufgetreten, lediglich der Fund der Datei.
Es kann sein das ein Bekannter bei der Nutzung meines Rechners unsichere Downloads gemacht hat - dummer weise unter Adminrecht.
Hier im Forum wurde geraten eine genaue Analyse zu machen um das passende Vorgehen ableiten zu können.
Wäre euch super dankbar wenn ihr einen Blick auf die Log-Files werfen würdet bzw. mir eine Anleitung zu weiterem Vorgehen geben könntet.
Auch über eine Einschätzung der Gefährlichkeit dieses Trojaners (Fremdsteuerung, Datenabruf, Passwortmitschriften etc.) wäre ich dankbar.
OTL-TXT: PHP-Code: OTL logfile created on: 11.07.2012 01:24:43 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Dokumente und Einstellungen\Jens\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 77,89% Memory free
3,84 Gb Paging File | 3,54 Gb Available in Paging File | 92,20% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,00 Gb Total Space | 11,13 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 99,61 Gb Total Space | 36,78 Gb Free Space | 36,92% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 37,39 Gb Free Space | 74,78% Space Free | Partition Type: NTFS
Drive F: | 30,00 Gb Total Space | 23,22 Gb Free Space | 77,41% Space Free | Partition Type: NTFS
Drive G: | 345,70 Gb Total Space | 301,40 Gb Free Space | 87,18% Space Free | Partition Type: NTFS
Drive H: | 198,48 Gb Total Space | 34,85 Gb Free Space | 17,56% Space Free | Partition Type: NTFS
Drive K: | 1,94 Gb Total Space | 1,86 Gb Free Space | 96,23% Space Free | Partition Type: NTFS
Drive L: | 7,46 Gb Total Space | 7,36 Gb Free Space | 98,70% Space Free | Partition Type: NTFS
Computer Name: TANTRUM | User Name: Jens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012.07.11 01:19:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jens\Desktop\OTL.exe
PRC - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.11.14 22:59:02 | 003,246,040 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
PRC - [2011.09.22 23:20:44 | 005,587,832 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.12.06 07:55:34 | 000,391,240 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2010.12.06 07:55:30 | 000,805,032 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- E:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.05.19 18:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2008.05.30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.02 12:55:24 | 000,634,947 | ---- | M] (Intuwave Ltd.) -- C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
PRC - [2006.03.02 12:54:16 | 000,290,816 | ---- | M] (Intuwave Ltd.) -- C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
PRC - [2004.03.18 10:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\iTouch\iTouch.exe
PRC - [2001.03.15 08:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) -- E:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011.09.22 23:20:28 | 011,233,136 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- E:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2008.04.22 15:53:50 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\hcwChDB.dll
MOD - [2008.04.14 08:53:08 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008.04.14 08:53:08 | 000,118,272 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
MOD - [2008.04.14 08:53:08 | 000,056,832 | ---- | M] () -- C:\WINDOWS\system32\MSDvbNP.ax
MOD - [2008.04.14 08:53:08 | 000,033,280 | ---- | M] () -- C:\WINDOWS\system32\PsisRndr.ax
MOD - [2008.04.14 08:52:24 | 000,363,520 | ---- | M] () -- C:\WINDOWS\system32\PsisDecd.dll
MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2012.06.24 18:35:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.17 10:28:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.11.14 22:59:02 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.12.06 07:55:30 | 000,805,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- E:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008.06.02 16:55:26 | 000,823,296 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Programme\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2008.05.30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Programme\WinTV\EPG Services\System\EPGService.exe -- (EPGService)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.05.03 14:07:08 | 000,526,608 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012.04.30 21:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012.01.09 18:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012.01.09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012.01.09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011.11.14 22:59:04 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.11.14 22:58:58 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011.11.14 22:58:57 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011.02.06 19:50:46 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010.08.26 05:33:38 | 005,386,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.04.17 18:59:02 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2008.04.17 18:58:00 | 000,560,640 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.01.15 11:44:14 | 000,091,264 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrsce.sys -- (zebrsce)
DRV - [2008.01.15 11:44:12 | 000,109,568 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM)
DRV - [2008.01.15 11:44:12 | 000,109,568 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM)
DRV - [2008.01.15 11:44:10 | 000,014,848 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrmdfl.sys -- (zebrmdfl)
DRV - [2008.01.15 11:44:08 | 000,083,200 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zebrbus.sys -- (zebrbus)
DRV - [2008.01.15 11:44:08 | 000,063,360 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\zebrceb.sys -- (zebrceb) Sony Ericsson Cable Emulation Bus (WDM)
DRV - [2004.05.20 20:47:22 | 000,258,560 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP)
DRV - [2004.03.10 14:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2002.07.25 12:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk504.sys -- (USBCamera)
DRV - [2002.06.18 15:55:56 | 000,516,149 | ---- | M] (Digital Camera.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ca504av.sys -- (Ca504av)
DRV - [2001.08.10 08:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=cl&passive=1209600&continue=hxxp://www.google.com/calendar/render&followup=hxxp://www.google.com/calendar/render"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: E:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.08 18:42:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.05.23 23:48:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: E:\Programme\Mozilla Firefox\components [2012.06.17 10:28:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2012.01.08 18:42:04 | 000,000,000 | ---D | M]
[2009.01.03 21:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Extensions
[2012.03.24 22:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2012.03.24 22:59:48 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2012.03.24 22:59:46 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2012.03.24 22:59:48 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2012.03.24 22:59:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.03.24 22:59:49 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2012.03.24 22:59:48 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org
[2012.03.24 22:59:49 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach
[2012.07.05 10:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\ps2ashgo.default\extensions
[2011.02.16 12:42:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\ps2ashgo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.28 00:03:58 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\ps2ashgo.default\extensions\2020Player@2020Technologies.com
[2011.11.06 21:06:19 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Mozilla\Firefox\Profiles\ps2ashgo.default\extensions\firefox@ghostery(2).com
[2012.07.05 10:34:59 | 000,032,090 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\JENS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\PS2ASHGO.DEFAULT\EXTENSIONS\PAGERANK@ADDONFACTORY.IN.XPI
[2012.02.24 16:35:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.01.08 18:42:05 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- E:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
O1 HOSTS File: ([2001.08.18 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [DivXUpdate] REM "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
O4 - HKLM..\Run: [EPGServiceTool] REM C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe File not found
O4 - HKLM..\Run: [HotKey] REM C:\WINDOWS\Twain_32\FlatBed\HotKey.exe File not found
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [Nikon Message Center 2] REM C:\Programme\Nikon\Nikon Message Center 2\NkMC2.exe -s File not found
O4 - HKLM..\Run: [PC Suite for Smartphones] REM "E:\Programme\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions File not found
O4 - HKLM..\Run: [QuickTime Task] REM "E:\Programme\QuickTime\qttask.exe" -atboottime File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] REM "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [mRouterConfig] C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe (Intuwave Ltd.)
O4 - HKCU..\Run: [Skype] REM "E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = E:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = E:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\Autostart\TeamDrive2.lnk = E:\Programme\TeamDrive2.0\bin\TeamDrive2.exe (TeamDrive Systems GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - E:\Programme\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.03 16:10:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012.07.11 01:19:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jens\Desktop\OTL.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012.07.11 01:19:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jens\Desktop\OTL.exe
[2012.07.11 01:19:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\defogger_reenable
[2012.07.11 01:18:23 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Desktop\Defogger.exe
[2012.07.11 00:56:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.11 00:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.10 22:37:20 | 000,066,566 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Desktop\xxx.jpg
[2012.07.10 20:56:01 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.10 13:53:02 | 000,576,634 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.10 13:53:02 | 000,543,914 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.10 13:53:02 | 000,126,052 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.10 13:53:02 | 000,104,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.10 13:50:34 | 000,000,583 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\Autostart\TeamDrive2.lnk
[2012.07.10 13:48:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.10 13:48:06 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.08 20:00:36 | 000,011,105 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
[2012.07.08 14:26:08 | 000,032,953 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Desktop\Domain Transfer Protokoll.jpg
[2012.07.08 12:27:45 | 000,053,055 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Desktop\xxx.jpg
[2012.07.08 12:14:37 | 000,057,077 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Desktop\xxx.jpg
[2012.07.04 10:58:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.02 22:40:48 | 000,077,999 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Desktop\xxx.pdf
[2012.06.19 00:25:41 | 000,056,700 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Desktop\dailydeal_email.jpg
[2012.06.14 21:42:47 | 000,142,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.14 10:06:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012.07.11 01:19:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\defogger_reenable
[2012.07.11 01:18:23 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Desktop\Defogger.exe
[2012.07.10 22:37:20 | 000,066,566 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Desktop\xxx.jpg
[2012.07.08 14:26:08 | 000,032,953 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Desktop\Domain Transfer Protokoll.jpg
[2012.07.08 12:27:45 | 000,053,055 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Desktop\xxx.jpg
[2012.07.08 12:14:37 | 000,057,077 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Desktop\xxx.jpg
[2012.07.02 22:40:47 | 000,077,999 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Desktop\xxx.pdf
[2012.06.19 00:25:41 | 000,056,700 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Desktop\xxx.jpg
[2012.05.24 21:01:00 | 001,556,992 | ---- | C] () -- C:\WINDOWS\is-BGOCE.exe
[2012.02.20 18:50:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.20 22:54:03 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.09 19:26:58 | 001,262,956 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE
[2012.01.09 19:26:58 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2012.01.07 00:02:45 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.01.07 00:02:41 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2012.01.07 00:02:40 | 004,078,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2012.01.07 00:02:40 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012.01.07 00:02:40 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012.01.07 00:02:39 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.08.14 17:13:08 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2011.02.13 20:01:39 | 000,219,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.02.09 22:50:53 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.02.09 22:50:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.02.06 19:32:46 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.02.06 17:59:27 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\CMMs
[2011.02.06 17:59:27 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\CIOSupport
[2011.02.06 17:59:27 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Channel
[2011.02.06 17:59:27 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Carbon
[2011.02.06 17:59:27 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Calibrators
[2011.02.06 17:59:27 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Bundle
[2011.02.06 17:59:27 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2011.02.06 17:59:27 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT
[2011.02.06 17:59:26 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
[2011.02.06 17:18:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011.02.06 16:23:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2011.02.06 16:23:21 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009.01.03 18:10:11 | 000,000,797 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Eudora.lnk
[color=#E56717]========== LOP Check ==========[/color]
[2011.02.06 20:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.06.22 17:46:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Boxtools
[2011.02.06 19:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.06.23 23:23:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.06.23 23:41:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2011.12.17 18:55:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2011.10.08 17:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverBoost
[2012.05.22 23:10:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.02.06 17:59:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2011.02.06 20:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2011.02.06 18:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PageshotsPro
[2011.02.06 17:59:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PrintsService
[2011.02.06 17:59:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Repeat Routines
[2011.02.06 17:59:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sample Delay
[2012.01.04 14:10:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TeamDrive
[2011.11.06 20:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2011.10.08 17:16:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB
[2011.02.06 17:59:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2011.07.31 15:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\0FD1D6DE-9803-43B1-906F-15E9FCF59F46
[2011.06.23 23:10:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\6C9DBE81-CBC9-498E-B186-356CFCF3087D
[2011.04.04 01:38:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Acronis
[2011.04.17 09:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\AE6464DC-54E3-4BA7-8F95-C82004329527
[2011.02.06 19:32:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Canneverbe Limited
[2011.06.23 23:41:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Canon
[2012.05.06 14:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\CheckPoint
[2012.03.11 00:55:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Cuttermaran
[2012.01.08 18:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\DDMSettings
[2012.01.08 21:04:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\DVDVideoSoft
[2011.11.14 22:59:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\E143B362-0696-4C9A-BA4C-AB8A8DFC5D01
[2012.05.22 23:11:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\elsterformular
[2012.07.08 15:16:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\FileZilla
[2009.01.04 15:38:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\InterTrust
[2012.03.24 23:11:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\JonDo
[2011.03.31 16:22:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Leadertech
[2012.04.20 21:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\MyPhoneExplorer
[2011.07.03 22:28:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Nikon
[2009.01.03 18:10:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Qualcomm
[2012.07.10 13:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\TeamDrive
[2011.11.06 21:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Teleca
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
EXTRA.TXT: PHP-Code: OTL Extras logfile created on: 11.07.2012 01:24:43 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Dokumente und Einstellungen\Jens\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 77,89% Memory free
3,84 Gb Paging File | 3,54 Gb Available in Paging File | 92,20% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,00 Gb Total Space | 11,13 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 99,61 Gb Total Space | 36,78 Gb Free Space | 36,92% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 37,39 Gb Free Space | 74,78% Space Free | Partition Type: NTFS
Drive F: | 30,00 Gb Total Space | 23,22 Gb Free Space | 77,41% Space Free | Partition Type: NTFS
Drive G: | 345,70 Gb Total Space | 301,40 Gb Free Space | 87,18% Space Free | Partition Type: NTFS
Drive H: | 198,48 Gb Total Space | 34,85 Gb Free Space | 17,56% Space Free | Partition Type: NTFS
Drive K: | 1,94 Gb Total Space | 1,86 Gb Free Space | 96,23% Space Free | Partition Type: NTFS
Drive L: | 7,46 Gb Total Space | 7,36 Gb Free Space | 98,70% Space Free | Partition Type: NTFS
Computer Name: TANTRUM | User Name: Jens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- E:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "E:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "E:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [open] -- "E:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- E:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- E:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Programme\sipgate X-Lite\sipgateXLite.exe" = E:\Programme\sipgate X-Lite\sipgateXLite.exe:*:Enabled:sipgateXLite -- ()
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe" = C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module -- (Intuwave Ltd.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00110407-78E1-11D2-B60F-006097C998E7}" = Microsoft Excel 2000 SR-1
"{00130407-78E1-11D2-B60F-006097C998E7}" = Microsoft PowerPoint 2000 SR-1
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37921810-D90B-4DFD-9284-BE35033B39C8}" = Mega Camera Manager
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{5884CB45-C54B-4550-BAD5-3E060FD75D17}" = ZoneAlarm Firewall
"{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70
"{602EAEFC-0CB3-4443-AD55-3E550374CF20}" = Eudora
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E8FC19-2107-49DA-967F-23E1B5210D9C}" = ZoneAlarm Security
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D4DB0DF1-55C7-4B3D-A8E6-F8809F8D8D4C}" = TeamDrive
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E39C74DF-58FD-4E52-9888-2CC59DFB0B34}" = PowerQuest PartitionMagic Pro 7.0
"{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C5CF53-FE88-B20E-CE8C-2B5CAA3ECFD0}" = ATI Catalyst Install Manager
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"A-PDF Text Extractor_is1" = A-PDF Text Extractor 1.4
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONBJ_Deinstall_CNMCP3q.DLL" = Canon S750
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FileZilla Client" = FileZilla Client 3.5.3
"Free Video Dub_is1" = Free Video Dub version 2.0.3.1228
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Diversity Tool" = Hauppauge WinTV Diversity Tool
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"JAP" = JAP
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.1.0
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mega Camera" = Mega Camera, WDM Video Capture
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MPE" = MyPhoneExplorer
"mRouterRuntime" =
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PageshotsPro_is1" = PageshotsPro 1.0.0
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"PS3 Media Server" = PS3 Media Server
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"USB Scanner" = USB Scanner
"VLC media player" = VLC media player 0.9.8a
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 17.01.2012 17:52:15 | Computer Name = TANTRUM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avidemux2.exe, Version 2.5.6.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000370a0.
Error - 17.01.2012 17:52:48 | Computer Name = TANTRUM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avidemux2.exe, Version 2.5.6.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000370a0.
Error - 17.01.2012 18:06:02 | Computer Name = TANTRUM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avidemux2.exe, Version 2.5.6.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000370a0.
[ System Events ]
Error - 06.07.2012 13:49:18 | Computer Name = TANTRUM | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 07.07.2012 10:00:43 | Computer Name = TANTRUM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mega Camera, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 08.07.2012 05:16:16 | Computer Name = TANTRUM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mega Camera, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 08.07.2012 12:07:05 | Computer Name = TANTRUM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mega Camera, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 08.07.2012 13:52:51 | Computer Name = TANTRUM | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 09.07.2012 08:03:56 | Computer Name = TANTRUM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mega Camera, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 09.07.2012 16:40:02 | Computer Name = TANTRUM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mega Camera, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 10.07.2012 07:49:13 | Computer Name = TANTRUM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mega Camera, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 10.07.2012 07:56:15 | Computer Name = TANTRUM | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 10.07.2012 09:09:58 | Computer Name = TANTRUM | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
< End of report >
Gmer.TXT: PHP-Code: GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-12 08:00:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD5000AAKS-00UU3A0 rev.01.03B01
Running: d1plij79.exe; Driver: C:\DOKUME~1\Jens\LOKALE~1\Temp\kxtdipoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB14AFB32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwClose [0xB14B042C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB12D02F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateEvent [0xB14B099C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB12CA5CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB12E97E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateMutant [0xB14B088A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB12D0A80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateProcess [0xB14B0BCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateProcessEx [0xB14B0D80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateSection [0xB14AF8EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateSemaphore [0xB14B0AB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwCreateThread [0xB14B015E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB12D0BB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwDebugActiveProcess [0xB14B108C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB12CB1E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB12EB098]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB12EAA0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwDeviceIoControlFile [0xB14B046E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwDuplicateObject [0xB14B208C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwEnumerateKey [0xB14C342C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwEnumerateValueKey [0xB14C3DDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwLoadDriver [0xB14B117E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB12EB9F0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB12EBBF8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xB12EDCBA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwNotifyChangeKey [0xB14C66AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwOpenEvent [0xB14B0A2E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB12CADF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwOpenMutant [0xB14B0916]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwOpenProcess [0xB14AFD6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwOpenSection [0xB14B14CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwOpenSemaphore [0xB14B0B46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwOpenThread [0xB14AFC60]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQueryKey [0xB14C225C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB14C3A3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQueryObject [0xB14C68A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQuerySection [0xB14B1A10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQueryValueKey [0xB14C382C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwQueueApcThread [0xB14B131E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB12EC986]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB12EC2BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwReplyPort [0xB14C83EC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB14C833A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB12CFEC4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB12ED358]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwResumeThread [0xB14B1F2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSaveKey [0xB14C26E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSaveKeyEx [0xB14C2878]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSaveMergedKeys [0xB14C2A14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSecureConnectPort [0xB14C801A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSetContextThread [0xB14B02CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB12CB5A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSetInformationToken [0xB14B0F38]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB12ECEC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSetSystemInformation [0xB14B1B60]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB12EA1CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSuspendProcess [0xB14B1C54]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSuspendThread [0xB14B1D8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwSystemDebugControl [0xB14B0FAE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwTerminateProcess [0xB14AFF0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwTerminateThread [0xB14AFE62]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwUnmapViewOfSection [0xB14B18C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) ZwWriteVirtualMemory [0xB14AFFF4]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [80, 0A, 2D, B1, CC, 0B, 4B, ...]
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [7E, 11, 4B, B1, F0, B9, 2E, ...]
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 16 Bytes [86, C9, 2E, B1, BC, C2, 2E, ...]
.text ntoskrnl.exe!_abnormal_termination + 384 804E29F0 20 Bytes [2E, 1F, 4B, B1, E2, 26, 4C, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [54, 1C, 4B, B1, 8E, 1D, 4B, ...]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E876A 5 Bytes JMP B14A2EBC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512969 5 Bytes JMP B14A2AE0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86_noagava]/Kaspersky Lab)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB986E000, 0x273B67, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[364] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[364] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[364] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[364] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[364] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[364] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[364] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[364] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[892] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[892] USER32.dll!DefDlgProcW + 56E 7E3742A8 5 Bytes JMP 20CB9270 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1024] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1024] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1024] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1024] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1024] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1024] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1024] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1084] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1084] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1084] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1084] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1084] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1084] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1084] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1084] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1128] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1128] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1128] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1128] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1128] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1128] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1140] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1140] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1140] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1140] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1140] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1140] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1300] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1300] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1300] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1300] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1300] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1300] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1300] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1300] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1688] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1688] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1688] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1688] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1688] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1688] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1688] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[1688] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1760] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1760] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1760] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1760] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1760] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1760] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1760] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\Ati2evxx.exe[1760] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1792] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1792] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1792] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1792] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1792] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1792] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1792] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1792] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Jens\Desktop\d1plij79.exe[1888] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Jens\Desktop\d1plij79.exe[1888] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Jens\Desktop\d1plij79.exe[1888] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Jens\Desktop\d1plij79.exe[1888] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Jens\Desktop\d1plij79.exe[1888] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Jens\Desktop\d1plij79.exe[1888] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Jens\Desktop\d1plij79.exe[1888] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\Jens\Desktop\d1plij79.exe[1888] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[1992] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[1992] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[1992] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[1992] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[1992] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[1992] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[1992] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wscntfy.exe[1992] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2436] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2436] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2436] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2436] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2436] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2436] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2436] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[2436] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[2468] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[2468] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[2468] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[2468] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[2468] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[2468] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[2468] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe[2468] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe[2512] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe[2512] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe[2512] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe[2512] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe[2512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe[2512] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe[2512] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe[2512] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Logitech\iTouch\iTouch.exe[2540] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Logitech\iTouch\iTouch.exe[2540] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Logitech\iTouch\iTouch.exe[2540] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Logitech\iTouch\iTouch.exe[2540] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Logitech\iTouch\iTouch.exe[2540] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Logitech\iTouch\iTouch.exe[2540] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Logitech\iTouch\iTouch.exe[2540] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Logitech\iTouch\iTouch.exe[2540] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[2576] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[2576] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[2576] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[2576] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[2576] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[2576] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[2576] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[2576] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe[2600] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe[2600] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe[2600] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe[2600] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe[2600] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe[2600] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe[2600] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe[2600] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2680] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2680] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2680] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2680] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2680] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2680] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2680] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[2680] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2876] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2876] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2876] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2876] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2876] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2876] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2876] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2876] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[3012] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[3012] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[3012] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[3012] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[3012] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[3012] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[3012] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe[3012] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[3088] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[3088] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[3088] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[3088] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[3088] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[3088] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[3088] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[3088] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\CDBurnerXP\NMSAccessU.exe[3140] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\CDBurnerXP\NMSAccessU.exe[3140] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\CDBurnerXP\NMSAccessU.exe[3140] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\CDBurnerXP\NMSAccessU.exe[3140] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\CDBurnerXP\NMSAccessU.exe[3140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\CDBurnerXP\NMSAccessU.exe[3140] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\CDBurnerXP\NMSAccessU.exe[3140] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\CDBurnerXP\NMSAccessU.exe[3140] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[3304] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[3304] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[3304] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[3304] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[3304] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[3304] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[3304] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[3304] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3324] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3324] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3324] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3324] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3324] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3324] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3324] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[3324] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtAccessCheckByType 7C91CE8E 5 Bytes JMP 20CB8791 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtImpersonateClientOfPort 7C91D3FE 5 Bytes JMP 20CB8D58 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3984] ntdll.dll!NtSetInformationProcess 7C91DC9E 5 Bytes JMP 20CB89AB C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3984] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3984] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7426 5 Bytes JMP 20CB8E5D C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3984] ADVAPI32.dll!SetThreadToken 77DAF193 5 Bytes JMP 20CB9036 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3984] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3984] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \FileSystem\Fastfat \Fat tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Freue mich über Antworten.
Besten Dank im Voraus...
Jens
|
16.07.2012, 13:08
Baum-Darstellung