#1
Malware! Help!

Good morning ^^ Maybe right at the start: I'm not an expert computer user, so if I phrase something wrong or ask dumb questions, please bear with me.

I can't open AntiVir anymore. One or two weeks ago the Windows Security Alert window also kept coming up, but since I ran the cleaner over it, it no longer appears. Still, the PC is incredibly slow, sometimes it shuts down by itself, and AntiVir still can't be opened. I've already browsed around the forum a bit, so the logfiles are attached.

The first is the log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-12 10:38:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (47%) free of 57 GB
Total RAM: 1023 MB (43% free)

Here is the info.txt:

info.txt logfile of random's system information tool 1.06
2010-01-12 10:38:48
#2
malware! Help!

Hi,
Rootkit suspected... Please check the following files:

Have the files checked online:
Code:
C:\WINDOWS\system32\krl32mainweq.dll
C:\WINDOWS\zwer_1258536884.exe

GMER:
Gmer: http://www.trojaner-board.de/74908-anleitung-gmer-rootkit-scanner.html
You will find the download link at the top left (http://www.gmer.net/#files); there, click the "Download EXE" button, which generates a random name (please remember it and the path where you saved the file). Start GMER and see whether it already reports something. If it does, please answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and use Copy to paste the report into the thread. If it reports nothing at that point, go to the Rootkit tab and run a scan. When the scan has finished, choose Copy and paste the report. If necessary, try GMER in safe mode (press F8 while booting)...

chris
__________________

#3
malware! Help!

ok, attached is the GMER file:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 16:08:39
Windows 5.1.2600 Service Pack 3
Running: lz8brfyd.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kwtoypow.sys

---- System - GMER 1.0.15 ----

Code 8672EDC0 ZwEnumerateKey
Code 865871C8 ZwFlushInstructionCache
Code 865761DE IofCallDriver
Code 864AAB76 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 865761E3
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 864AAB7B
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 8672EDC4
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 865871CC
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF74CD340, 0x10843F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D5300, 0x237860, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Java\jre6\bin\jqs.exe[152] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[152] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check
Point Software Technologies)
.text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software
Technologies) .text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1344] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1344] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1344] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1344] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1344] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1344] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1344] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1344] 
USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text 
C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1532] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1532] USER32.dll!DefDlgProcW + 56E 7E3742A8 3 Bytes JMP 20C291E8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1532] USER32.dll!DefDlgProcW + 572 7E3742AC 1 Byte [A2] .text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point 
Software Technologies) .text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1600] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1600] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1600] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1600] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1600] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1600] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1600] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll 
(ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1600] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] ntdll.dll!NtAccessCheckByType 7C91CE70 5 Bytes JMP 20C28709 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] ntdll.dll!NtImpersonateClientOfPort 7C91D3E0 5 Bytes JMP 20C28CD0 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] ntdll.dll!NtSetInformationProcess 7C91DC80 5 Bytes JMP 20C28923 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209A37DD C:\Programme\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7416 5 Bytes JMP 20C28DD5 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] ADVAPI32.dll!SetThreadToken 77DAF183 5 Bytes JMP 20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text 
C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] USER32.dll!DefDlgProcW + 56E 7E3742A8 3 Bytes JMP 20C291E8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] USER32.dll!DefDlgProcW + 572 7E3742AC 1 Byte [A2] .text C:\Programme\SAMSUNG\SENS Keyboard V4 |
#4
20C28FAE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!sendto 71A12F51 5 Bytes JMP 20A93D71 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 0306000A .text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!connect 71A14A07 5 Bytes JMP 02AF000A .text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!send 71A14C27 5 Bytes JMP 0307000A .text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 20A93E15 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!recv 71A1676F 5 Bytes JMP 20A93C29 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 20A93F07 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!WSASendDisconnect 71A20A22 5 Bytes JMP 20A9409B C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Mozilla Firefox\firefox.exe[3568] WS2_32.dll!WSASendTo 71A20AAD 5 Bytes JMP 20A93FCE C:\Programme\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Mozilla Firefox\firefox.exe[3568] USER32.dll!DefDlgProcW + 56E 7E3742A8 3 Bytes JMP 20C291E8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Mozilla 
Firefox\firefox.exe[3568] USER32.dll!DefDlgProcW + 572 7E3742AC 1 Byte [A2] .text C:\Programme\Mozilla Firefox\firefox.exe[3568] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C28207 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Programme\Mozilla Firefox\firefox.exe[3568] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C281D2 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EFDED3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EFDED3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check 
Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EFE10480] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EFDED3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [EFDED3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device 
Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EFDEF080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EFDED3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EFDEF7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EFDEEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EFDE4DB0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EFDE5170] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programme\Java\jre6\bin\jqs.exe[152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\AGRSMMSG.exe[204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\CyberLink\PowerDVD\PDVDServ.exe[320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] 
C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\Java\jre6\bin\jusched.exe[392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\winlogon.exe[492] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\services.exe[540] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\lsass.exe[552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\iTunes\iTunesHelper.exe[660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[800] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT 
C:\Programme\SpeedswitchXP\SpeedswitchXP.exe[852] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\System32\svchost.exe[872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\nvsvc32.exe[944] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[956] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A541D0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54A20] 
C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A549E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe[1036] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52960] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\WINDOWS\system32\ctfmon.exe[1052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[1100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[1116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\Explorer.EXE[1344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\ADVAPI32.dll 
[KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52960] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A541D0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54A20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A549E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [7C8840D8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [7C8840CE] 
C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [7C8840D3] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8840C9] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) IAT C:\Programme\Internet Today\1.2.0.1420\InternetToday.exe[1584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[1600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\CheckPoint\ZAForceField\ForceField.exe[1664] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE[1960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2008] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\System32\alg.exe[2116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll 
(ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\Windows Live\Messenger\msnmsgr.exe[2140] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\Software Informer\softinfo.exe[2160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\ICQ6.5\ICQ.exe[2172] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\System32\svchost.exe[2512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\System32\svchost.exe[2596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\iPod\bin\iPodService.exe[2812] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3024] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Dokumente und Einstellungen\Administrator\Desktop\lz8brfyd.exe[3028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Programme\Mozilla 
Firefox\firefox.exe[3568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) ---- Devices - GMER 1.0.15 ---- Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ---- Modules - GMER 1.0.15 ---- Module \systemroot\system32\drivers\H8SRThqlexublov.sys (*** hidden *** ) F5F0E000-F5F2A000 (114688 bytes) ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [800] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [872] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [956] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1100] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1116] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1344] 0x10000000 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\H8SRThqlexublov.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!! 
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRThqlexublov.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRThqlexublov.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTxyqjxnmbfx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTyvlxhesmkp.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTafucfmueqg.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRThqlexublov.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRThqlexublov.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTxyqjxnmbfx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTyvlxhesmkp.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTlyxetjetnb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTafucfmueqg.dll
---- Files - GMER 1.0.15 ----
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\H8SRT3cc8.tmp 343040 bytes executable
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\h8srtmainqt.dll 16657 bytes
File C:\WINDOWS\Temp\H8SRT6e08.tmp 246 bytes
File C:\WINDOWS\Temp\H8SRT7527.tmp 36864 bytes executable
File C:\WINDOWS\Temp\H8SRT7a97.tmp 40960 bytes executable
File C:\WINDOWS\Temp\H8SRT924d.tmp 463 bytes
File C:\WINDOWS\system32\drivers\H8SRThqlexublov.sys 39936 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\H8SRTafucfmueqg.dll 40960 bytes executable
File C:\WINDOWS\system32\H8SRTlyxetjetnb.dll 36864 bytes executable
File C:\WINDOWS\system32\H8SRTxyqjxnmbfx.dll 23040 bytes executable
File C:\WINDOWS\system32\H8SRTyvlxhesmkp.dat 204 bytes
---- EOF - GMER 1.0.15 ----
![]() | #5 |
malware! Help!

here

C:\WINDOWS\zwer_1258536884.exe
Datei zwer_1258536884.exe empfangen 2010.01.12 12:34:34 (UTC)
Status: Beendet
Ergebnis: 0/41 (0.00%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.48 2010.01.12 -
AhnLab-V3 5.0.0.2 2010.01.12 -
AntiVir 7.9.1.134 2010.01.12 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.12 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.12 -
BitDefender 7.2 2010.01.12 -
CAT-QuickHeal 10.00 2010.01.12 -
ClamAV 0.94.1 2010.01.12 -
Comodo 3556 2010.01.12 -
DrWeb 5.0.1.12222 2010.01.12 -
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7232 2010.01.12 -
F-Prot 4.5.1.85 2010.01.12 -
F-Secure 9.0.15370.0 2010.01.12 -
Fortinet 4.0.14.0 2010.01.12 -
GData 19 2010.01.12 -
Ikarus T3.1.1.80.0 2010.01.12 -
Jiangmin 13.0.900 2010.01.12 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.12 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 -
McAfee-GW-Edition 6.8.5 2010.01.12 -
Microsoft 1.5302 2010.01.12 -
NOD32 4763 2010.01.12 -
Norman 6.04.03 2010.01.12 -
nProtect 2009.1.8.0 2010.01.12 -
Panda 10.0.2.2 2010.01.11 -
PCTools 7.0.3.5 2010.01.12 -
Prevx 3.0 2010.01.12 -
Rising 22.30.01.03 2010.01.12 -
Sophos 4.49.0 2010.01.12 -
Sunbelt 3.2.1858.2 2010.01.12 -
Symantec 20091.2.0.41 2010.01.12 -
TheHacker 6.5.0.3.147 2010.01.12 -
TrendMicro 9.120.0.1004 2010.01.12 -
VBA32 3.12.12.1 2010.01.12 -
ViRobot 2010.1.12.2132 2010.01.12 -
VirusBuster 5.0.21.0 2010.01.11 -

weitere Informationen
File size: 3733 bytes
MD5 : 4837e42208a96b5e307d329c47f0051e
SHA1 : 1a449a2942aa4dfd54382102f3e3e3395f509000
SHA256: b4c8eae711af2de2fb4a52f4e97d1b47b21ff95a3db769d852e8fe1ad41b679b
TrID : File type identification Text - UTF-8 encoded (100.0%)
ssdeep: 48:uqoAp2kj6ZNned7EqHxQ3T4CkbPLqeFbvy5tOfgSzvfDS9ZFodNMgnmoy0QW+Ng6:uBgNaD4CmPLjko7KYMgnmoGP03+
PEiD : -
packers (F-Prot): UTF-8
RDS : NSRL Reference Data Set

and here is

C:\WINDOWS\system32\krl32mainweq.dll
Datei krl32mainweq.dll empfangen 2010.01.12 12:29:53 (UTC)
Status: Beendet
Ergebnis: 1/41 (2.44%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.48 2010.01.12 -
AhnLab-V3 5.0.0.2 2010.01.12 -
AntiVir 7.9.1.134 2010.01.12 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.12 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.12 -
BitDefender 7.2 2010.01.12 -
CAT-QuickHeal 10.00 2010.01.12 -
ClamAV 0.94.1 2010.01.12 -
Comodo 3556 2010.01.12 -
DrWeb 5.0.1.12222 2010.01.12 -
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7232 2010.01.12 -
F-Prot 4.5.1.85 2010.01.12 -
F-Secure 9.0.15370.0 2010.01.12 -
Fortinet 4.0.14.0 2010.01.12 -
GData 19 2010.01.12 -
Ikarus T3.1.1.80.0 2010.01.12 -
Jiangmin 13.0.900 2010.01.12 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.12 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 -
McAfee-GW-Edition 6.8.5 2010.01.12 -
Microsoft 1.5302 2010.01.12 -
NOD32 4763 2010.01.12 -
Norman 6.04.03 2010.01.12 -
nProtect 2009.1.8.0 2010.01.12 -
Panda 10.0.2.2 2010.01.11 -
PCTools 7.0.3.5 2010.01.12 -
Prevx 3.0 2010.01.12 -
Rising 22.30.01.03 2010.01.12 -
Sophos 4.49.0 2010.01.12 Mal/TDSSConf-A
Sunbelt 3.2.1858.2 2010.01.12 -
Symantec 20091.2.0.41 2010.01.12 -
TheHacker 6.5.0.3.147 2010.01.12 -
TrendMicro 9.120.0.1004 2010.01.12 -
VBA32 3.12.12.1 2010.01.12 -
ViRobot 2010.1.12.2132 2010.01.12 -
VirusBuster 5.0.21.0 2010.01.11 -

weitere Informationen
File size: 934 bytes
MD5 : 6f3a2f60cc0f0bad939bdd93d30e4159
SHA1 : 0c096caff1ede90c93c23d1bc9c8f1a6aa06ed9f
SHA256: 18edae8fe513f8c56f0db0add9a768ba9e22e587019072ad53626beea9cdbfb7
TrID : File type identification Unknown!
ssdeep: 24:X/tKQtTX2LxDNLTgBm4Ff3+r4DbiTmMxlcW8GqzaXic:PtKQtyLxBLTMm4Fmk/ibbqFc
PEiD : -
RDS : NSRL Reference Data Set -
![]() | #6 |
Hi,

wow, a weak showing from the scanners, only one... And ZoneAlarm makes the GMER log a sheer delight...

A rootkit is present, therefore:

Cleanup for rootkit "H8SRTd"

First try to install MAM; to do so, rename it already in the download dialog to e.g. Test.exe. If it does not start after the installation, wait until Avenger has "switched off" the rootkit and then run it immediately (after updating the signatures!).

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If MAM is already installed, continue with Avenger...

Instructions for Avenger (by swandog46)

1.) Download the tool Avenger and save it to the desktop.
2.) Set up the program as shown in the picture. Now copy the following text into the white field (at -> "input script here"):

Code:
Drivers to delete:
H8SRTd.sys

Folders to delete:
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp

4.) To start Avenger, click -> Execute. Then confirm with "Yes" that the computer restarts!
5.) After the system has restarted, you will find a report from Avenger here -> C:\avenger.txt. Open the file with the Editor (Notepad) and copy the entire text into your post here on Trojaner-Board.

Now please start MAM immediately, run a full scan, have everything cleaned, and post the log. If MAM still does not start, change to MAM's installation directory, rename the MAM EXE (mbam.exe) to e.g. test.exe and start it with a double-click. After the scan (and MAM) has finished, rename it back to the original name (mbam.exe).

After that, post a new GMER log and OTL log:

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.

chris