Dobrý deň, pred niekoľkými dňami sa mi začalo diať toto: Systém beží v pohode, nie sú žiadne problémy až kým ho nedám vypnúť alebo reštartovať. Vtedy sa mi vypne len antivírus, systém sa nevypína je bez známky aktivity, nedajú sa spustiť žiadne programy. Trvá to asi 5 min potom sa všetko vypne a naskočí obrazovka "odhlasuje sa" toto trvá ďalších 5 min a až potom sa PC vypne. Prosím o pomoc, prikladám log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Darkness at 2009-12-14 11:14:54
Systém Microsoft Windows XP Professional Service Pack 3
System drive I: has 2 GB (16%) free of 10 GB
Total RAM: 1024 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:14, on 14. 12. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\CheckPoint\ZAForceField\ForceField.exe
I:\Program Files\Avira\AntiVir Desktop\sched.exe
I:\Program Files\Avira\AntiVir Desktop\avguard.exe
J:\Program Files\Java\jre6\bin\jqs.exe
i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
I:\Program Files\CDBurnerXP\NMSAccessU.exe
I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\LVCOMSX.EXE
I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I:\Program Files\Avira\AntiVir Desktop\avgnt.exe
J:\Program Files\Java\jre6\bin\jusched.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\WINDOWS\system32\optmouse.exe
J:\Program Files\AnVir Task Manager Free\AnVir.exe
J:\Program Files\Rainlendar2\Rainlendar2.exe
J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\totalcmd\TOTALCMD.EXE
I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe
I:\Program Files\Skype\Phone\Skype.exe
I:\Program Files\Skype\Plugin Manager\skypePM.exe
I:\Program Files\Mozilla Firefox\firefox.exe
J:\Program Files\Java\jre6\bin\javaw.exe
C:\Downloadz\RSIT.exe
I:\Program Files\trend micro\Darkness.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.disk-tools.com/download/daemon
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - I:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - i:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - J:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - i:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - I:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [LVCOMSX] I:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Smapp] I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CD Autorun] J:\Program Files\TweakNow PowerPack 2009\CDAuto.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "I:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [OPTMOUSEMOUSE] I:\WINDOWS\system32\optmouse.exe
O4 - HKCU\..\Run: [AnVir Task Manager Free] "J:\Program Files\AnVir Task Manager Free\AnVir.exe" Minimized
O4 - HKCU\..\Run: [Rainlendar2] J:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [PC Suite Tray] "J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://J:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD9D6989-4E04-4DC9-96D6-BF7F319C66D9}: NameServer = 195.146.132.58 195.146.128.62
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - i:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - i:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: I:\WINDOWS\system32\cssdll32.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - J:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe LM Service - Unknown owner - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - I:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - J:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NMSAccessU - Unknown owner - I:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8399 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Toolbar Registrar - I:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - i:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - J:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - J:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - i:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Toolbar - I:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=I:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"Smapp"=I:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"ATIPTA"=I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-11 335872]
"CnxDslTaskBar"=I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe [2004-06-16 233472]
"HP Software Update"=I:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"avgnt"=I:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=J:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=J:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"CD Autorun"=J:\Program Files\TweakNow PowerPack 2009\CDAuto.exe []
"ZoneAlarm Client"=I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
"ISW"=I:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2009-10-14 730480]
"OPTMOUSEMOUSE"=I:\WINDOWS\system32\optmouse.exe [2001-05-08 45056]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AnVir Task Manager Free"=J:\Program Files\AnVir Task Manager Free\AnVir.exe [2009-12-03 1709792]
"Rainlendar2"=J:\Program Files\Rainlendar2\Rainlendar2.exe [2009-08-22 5148672]
"PC Suite Tray"=J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
I:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="I:\WINDOWS\system32\cssdll32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - J:\Program Files\Stardock\Fences\FencesMenu.dll [2009-10-02 128360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"I:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="I:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"I:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="I:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"I:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="I:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"I:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="I:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"I:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="I:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"I:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="I:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"I:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="I:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"I:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="I:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"I:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="I:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"I:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="I:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"I:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="I:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"I:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="I:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"I:\Program Files\Skype\Plugin Manager\skypePM.exe"="I:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"I:\Program Files\Opera\opera.exe"="I:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"J:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe"="J:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"J:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.mui"="J:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.mui:*:Enabled:SiSoftware Sandra Agent Service"
"I:\Program Files\Skype\Phone\Skype.exe"="I:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-12-14 11:14:55 ----D---- I:\Program Files\trend micro
2009-12-14 10:12:09 ----D---- I:\WINDOWS\CSC
2009-12-13 20:35:33 ----D---- I:\WINDOWS\system32\appmgmt
2009-12-13 20:23:40 ----D---- I:\WINDOWS\system32\NtmsData
2009-12-13 20:19:45 ----HD---- I:\WINDOWS\system32\GroupPolicy
2009-12-13 16:09:17 ----D---- I:\Documents and Settings\Darkness\Application Data\Thinstall
2009-12-13 15:52:41 ----D---- I:\Documents and Settings\Darkness\Application Data\vlc
2009-12-13 12:51:06 ----D---- I:\Documents and Settings\Darkness\Application Data\Sachy
2009-12-09 21:58:33 ----D---- I:\Program Files\Samsung
2009-12-09 21:58:33 ----A---- I:\WINDOWS\system32\OPTMOUSE.EXE
2009-12-09 21:58:33 ----A---- I:\WINDOWS\system32\OPTMOUSE.DLL
2009-12-09 21:58:33 ----A---- I:\WINDOWS\system32\Optmoucp.dll
2009-12-07 14:09:45 ----D---- I:\Program Files\ODEON
2009-12-07 11:17:44 ----D---- I:\Program Files\NSS
2009-12-06 15:22:12 ----A---- I:\WINDOWS\ModemLog_Nokia N70 USB Modem.txt
2009-12-05 19:37:46 ----D---- I:\Documents and Settings\Darkness\Application Data\Nokia
2009-12-05 19:37:31 ----D---- I:\Documents and Settings\Darkness\Application Data\PC Suite
2009-12-05 19:31:59 ----D---- I:\Program Files\PC Connectivity Solution
2009-12-05 19:31:46 ----A---- I:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-12-05 19:31:46 ----A---- I:\WINDOWS\system32\nmwcdcocls.dll
2009-12-05 11:11:53 ----D---- I:\Documents and Settings\Darkness\Application Data\EurekaLog
2009-12-05 10:38:11 ----HDC---- I:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2009-12-05 10:33:26 ----D---- I:\Documents and Settings\Darkness\Application Data\Stardock
2009-12-05 10:33:17 ----HDC---- I:\Documents and Settings\All Users\Application Data\{E94FD7CC-6945-4744-99C3-9BFF40AA2F24}
2009-12-04 20:33:16 ----D---- I:\Program Files\Karen's Power Tools
2009-12-04 20:33:04 ----D---- I:\Documents and Settings\All Users\Application Data\Karen's Power Tools
2009-12-02 16:45:13 ----D---- I:\Documents and Settings\Darkness\Application Data\r2 Studios
2009-12-02 15:30:20 ----D---- I:\Program Files\Miranda pack by sssugi 2.2.1
2009-12-02 14:33:51 ----D---- I:\Documents and Settings\Darkness\Application Data\CheckPoint
2009-12-02 14:33:23 ----D---- I:\Program Files\CheckPoint
2009-12-02 14:33:19 ----A---- I:\WINDOWS\system32\vsregexp.dll
2009-12-02 14:33:17 ----A---- I:\WINDOWS\system32\zlcommdb.dll
2009-12-02 14:33:17 ----A---- I:\WINDOWS\system32\zlcomm.dll
2009-12-02 14:33:12 ----A---- I:\WINDOWS\system32\vswmi.dll
2009-12-02 14:33:10 ----D---- I:\WINDOWS\system32\ZoneLabs
2009-12-02 14:33:10 ----A---- I:\WINDOWS\system32\zpeng25.dll
2009-12-02 14:33:10 ----A---- I:\WINDOWS\system32\vsxml.dll
2009-12-02 14:33:10 ----A---- I:\WINDOWS\system32\vspubapi.dll
2009-12-02 14:33:10 ----A---- I:\WINDOWS\system32\vsmonapi.dll
2009-12-02 14:33:08 ----D---- I:\Program Files\Zone Labs
2009-12-02 14:32:39 ----A---- I:\WINDOWS\system32\vsutil.dll
2009-12-02 14:32:39 ----A---- I:\WINDOWS\system32\vsinit.dll
2009-12-02 14:32:39 ----A---- I:\WINDOWS\system32\vsdata.dll
2009-12-02 13:57:29 ----D---- I:\Program Files\Partition Wizard Home Edition 4.2
2009-12-02 13:56:35 ----D---- I:\Program Files\NewFreeScreensavers
2009-11-30 13:54:48 ----A---- I:\Documents and Settings\All Users\Application Data\xml5B.tmp
2009-11-30 13:54:48 ----A---- I:\Documents and Settings\All Users\Application Data\xml5A.tmp
2009-11-30 13:54:44 ----A---- I:\Documents and Settings\All Users\Application Data\xml59.tmp
2009-11-30 13:54:07 ----A---- I:\WINDOWS\system32\XAudio2_5.dll
2009-11-30 13:54:07 ----A---- I:\WINDOWS\system32\xactengine3_5.dll
2009-11-30 13:54:06 ----A---- I:\WINDOWS\system32\d3dcsx_42.dll
2009-11-30 13:54:06 ----A---- I:\WINDOWS\system32\D3DCompiler_42.dll
2009-11-30 13:54:04 ----A---- I:\WINDOWS\system32\d3dx11_42.dll
2009-11-30 13:54:01 ----A---- I:\WINDOWS\system32\d3dx10_42.dll
2009-11-30 13:53:57 ----A---- I:\WINDOWS\system32\D3DX9_42.dll
2009-11-27 17:12:11 ----D---- I:\Program Files\Common Files\McAfee
2009-11-27 17:11:48 ----D---- I:\Program Files\McAfee
2009-11-27 17:11:48 ----D---- I:\Documents and Settings\All Users\Application Data\McAfee
2009-11-22 14:35:37 ----D---- I:\Documents and Settings\Darkness\Application Data\Media Player Classic
2009-11-19 12:46:20 ----A---- I:\WINDOWS\system32\ssubtmr6.dll
2009-11-17 20:17:10 ----D---- I:\WINDOWS\Internet Logs
2009-11-17 18:51:56 ----D---- I:\Documents and Settings\Darkness\Application Data\TweakNow RegCleaner
2009-11-15 12:34:08 ----A---- I:\WINDOWS\system32\javaws.exe
2009-11-15 12:34:08 ----A---- I:\WINDOWS\system32\javaw.exe
2009-11-15 12:34:08 ----A---- I:\WINDOWS\system32\java.exe
======List of files/folders modified in the last 1 months======
2009-12-14 11:14:55 ----RD---- I:\Program Files
2009-12-14 11:12:50 ----D---- I:\Documents and Settings\Darkness\Application Data\Skype
2009-12-14 11:05:37 ----D---- I:\WINDOWS\Temp
2009-12-14 10:25:02 ----A---- I:\WINDOWS\Slovnik 2005.INI
2009-12-14 10:24:25 ----D---- I:\WINDOWS
2009-12-14 10:19:09 ----D---- I:\Program Files\Mozilla Firefox
2009-12-14 10:18:35 ----D---- I:\Documents and Settings\Darkness\Application Data\skypePM
2009-12-14 10:15:44 ----A---- I:\WINDOWS\wincmd.ini
2009-12-14 10:14:54 ----D---- I:\WINDOWS\Prefetch
2009-12-14 10:12:40 ----D---- I:\WINDOWS\system32\CatRoot2
2009-12-13 22:10:47 ----D---- I:\WINDOWS\security
2009-12-13 22:10:43 ----A---- I:\WINDOWS\SchedLgU.Txt
2009-12-13 20:40:27 ----D---- I:\WINDOWS\Debug
2009-12-13 20:35:33 ----D---- I:\WINDOWS\system32
2009-12-13 20:19:30 ----D---- I:\WINDOWS\Registration
2009-12-13 18:08:36 ----A---- I:\WINDOWS\ChssBase.ini
2009-12-13 15:44:44 ----AD---- I:\Documents and Settings\All Users\Application Data\TEMP
2009-12-09 22:56:36 ----HD---- I:\WINDOWS\inf
2009-12-09 21:58:45 ----RSHDC---- I:\WINDOWS\system32\dllcache
2009-12-09 21:58:41 ----D---- I:\WINDOWS\system32\drivers
2009-12-09 21:58:37 ----D---- I:\WINDOWS\system32\ReinstallBackups
2009-12-09 21:58:32 ----HD---- I:\Program Files\InstallShield Installation Information
2009-12-09 16:44:11 ----ASH---- I:\boot.ini
2009-12-07 14:10:03 ----SHD---- I:\WINDOWS\Installer
2009-12-07 11:54:40 ----A---- I:\WINDOWS\Translator 2005.INI
2009-12-07 11:23:33 ----SD---- I:\Documents and Settings\Darkness\Application Data\Microsoft
2009-12-05 19:50:36 ----A---- I:\WINDOWS\system32\PerfStringBackup.INI
2009-12-05 19:33:15 ----DC---- I:\WINDOWS\system32\DRVSTORE
2009-12-05 19:32:14 ----D---- I:\Program Files\DIFX
2009-12-05 19:32:02 ----D---- I:\WINDOWS\system32\CatRoot
2009-12-05 19:31:31 ----D---- I:\Documents and Settings\All Users\Application Data\Installations
2009-12-05 10:39:04 ----RSD---- I:\WINDOWS\assembly
2009-12-02 14:16:26 ----D---- I:\Program Files\Your Uninstaller 2008
2009-12-02 14:15:43 ----D---- I:\Program Files\Common Files
2009-12-01 17:06:58 ----SHD---- I:\RECYCLER
2009-12-01 16:46:11 ----D---- I:\WINDOWS\system32\config
2009-11-30 13:54:09 ----D---- I:\WINDOWS\system32\DirectX
2009-11-25 12:15:22 ----D---- I:\Program Files\USDownloader135
2009-11-23 17:56:23 ----D---- I:\WINDOWS\system32\Restore
2009-11-23 12:44:18 ----D---- I:\Program Files\Opera
2009-11-22 14:30:40 ----RSD---- I:\WINDOWS\Fonts
2009-11-17 20:17:13 ----D---- I:\WINDOWS\WinSxS
2009-11-17 20:06:01 ----SD---- I:\WINDOWS\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;AMD K7 Processor Driver; I:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 avgio;avgio; \??\I:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; I:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; I:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vsdatant;vsdatant; I:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R2 avgntflt;avgntflt; I:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\I:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; I:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; I:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; I:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 aeaudio;aeaudio; I:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; I:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2003-08-12 594432]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; I:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; I:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; I:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; I:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-01-16 40960]
R3 LVUSBSta;Logitech USB Monitor Filter; I:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 optmoupf;Samsung OptMouse PS2 Filter Driver; I:\WINDOWS\system32\DRIVERS\optmoupf.sys [2002-04-25 9152]
R3 pepifilter;Volume Adapter; I:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-01-31 7104]
R3 PID_08A0;QuickCam IM(PID_08A0); I:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-01-31 912768]
R3 smwdm;smwdm; I:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbaudio;USB Audio Driver (WDM); I:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; I:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; I:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; I:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; I:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 as1v6vj3;as1v6vj3; I:\WINDOWS\system32\drivers\as1v6vj3.sys []
S3 CCDECODE;Closed Caption Decoder; I:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; I:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; I:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; I:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; I:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; I:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; I:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; I:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; I:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; I:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; I:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NTSIM;NTSIM; \??\I:\WINDOWS\system32\ntsim.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; I:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; I:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 SANDRA;SANDRA; \??\J:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; I:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; I:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 streamip;BDA IPSink; I:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; I:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Microsoft USB PRINTER Class; I:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; I:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; I:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; I:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbstor;USB Mass Storage Driver; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsbus;Virtual Serial Bus Enumerator; I:\WINDOWS\system32\DRIVERS\vsb.sys [2008-07-23 15264]
S3 vserial;ELTIMA Virtual Serial Ports Driver; I:\WINDOWS\System32\DRIVERS\vserial.sys [2008-07-23 47744]
S3 Wdf01000;Kernel Mode Driver Frameworks service; I:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; I:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; I:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; I:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; I:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; I:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 476528]
R2 JavaQuickStarterService;Java Quick Starter; J:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2009-11-12 93320]
R2 NMSAccessU;NMSAccessU; I:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; I:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; I:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R3 ServiceLayer;ServiceLayer; I:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 Pml Driver HPZ12;Pml Driver HPZ12; I:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 Adobe LM Service;Adobe LM Service; I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-10-18 68096]
S3 aspnet_state;ASP.NET State Service; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; I:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; I:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Problém s vypínaním PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Problém s vypínaním PC
Hezké odpoledne 
Start - ovládací panely - možnosti složky - zobrazení - odkrýt skryté a systémové soubory
Dejte soubor otestovat na http://www.virustotal.com
I:\WINDOWS\system32\cssdll32.dll
Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.
Z mého podpisu stahněte Ccleaner
-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy udělat zálohu registrů - nemusíte
-kliknete opravit všechny problémy ok zavřít
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Start - ovládací panely - možnosti složky - zobrazení - odkrýt skryté a systémové soubory Dejte soubor otestovat na http://www.virustotal.comI:\WINDOWS\system32\cssdll32.dll
Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.
Z mého podpisu stahněte Ccleaner-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy
udělat zálohu registrů - nemusíte-kliknete opravit všechny problémy
ok zavřítCcleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Darkness
- Návštěvník
- Příspěvky: 67
- Registrován: 13 bře 2008 07:17
- Bydliště: Tramtária
- Kontaktovat uživatele:
Re: Problém s vypínaním PC
Takže výsledky z VirusTotal:
http://www.virustotal.com/reanalisis.ht ... 1260817223
PC som vyčistil cez CCleaner a problém pretrváva a ešte dodám, že to isté robí aj na druhom systéme (tiež WinXP), ktorý je nainštalovaný na inej partícii.
http://www.virustotal.com/reanalisis.ht ... 1260817223
PC som vyčistil cez CCleaner a problém pretrváva a ešte dodám, že to isté robí aj na druhom systéme (tiež WinXP), ktorý je nainštalovaný na inej partícii.
Re: Problém s vypínaním PC
Měl jste někdy na tomto disku comodo firewall?
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte
-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte
-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Darkness
- Návštěvník
- Příspěvky: 67
- Registrován: 13 bře 2008 07:17
- Bydliště: Tramtária
- Kontaktovat uživatele:
Re: Problém s vypínaním PC
Comodo som kedysi mal nainštalovaný na oboch systémoch, nedávno som ho nahradil Zone Alarmom.
Logy z Gmeru:
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit quick scan 2009-12-14 21:30:01
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: I:\DOCUME~1\Darkness\LOCALS~1\Temp\ugtdypog.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- System - GMER 1.0.15 ----
SSDT sprn.sys ZwEnumerateKey [0xF772CCA2]
SSDT sprn.sys ZwEnumerateValueKey [0xF772D030]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 867DA1F8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- EOF - GMER 1.0.15 ----
Tento log musím rozdeliť na viac tém, lebo do jednej sa nezmestí
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 22:17:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: I:\DOCUME~1\Darkness\LOCALS~1\Temp\ugtdypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xBAF10630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xBAF09D80]
SSDT F7E8C896 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xBAF10E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xBAF27D30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xBAF28150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xBAF32240]
SSDT F7E8C88C ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xBAF10FB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xBAF0AC60]
SSDT F7E8C89B ZwDeleteKey
SSDT F7E8C8A5 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xBAF26E70]
SSDT sprn.sys ZwEnumerateKey [0xF772CCA2]
SSDT sprn.sys ZwEnumerateValueKey [0xF772D030]
SSDT F7E8C8AA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xBAF302B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xBAF0A750]
SSDT sprn.sys ZwOpenKey [0xF770E0C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xBAF2A450]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xBAF2A020]
SSDT sprn.sys ZwQueryKey [0xF772D108]
SSDT sprn.sys ZwQueryValueKey [0xF772CF88]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xBAF31430]
SSDT F7E8C8B4 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xBAF10180]
SSDT F7E8C8AF ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xBAF10910]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xBAF0B080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xBAF318E0]
SSDT F7E8C8A0 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xBAF28D20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xBAF28A50]
INT 0x62 ? 867DBBF8
INT 0x73 ? 86607BF8
INT 0x73 ? 86607BF8
INT 0x73 ? 86607BF8
INT 0x73 ? 86607BF8
INT 0x73 ? 86607BF8
INT 0x82 ? 867DBBF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [40, 0E, F1, BA, 30, 7D, F2, ...]
.text ntoskrnl.exe!_abnormal_termination + 1D4 804E2830 8 Bytes CALL 7350D92C
? sprn.sys Systém nemôže nájsť zadaný súbor. !
.text USBPORT.SYS!DllUnload F74388AC 5 Bytes JMP 866071D8
.text az9zd24m.SYS F7300386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text az9zd24m.SYS F73003AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az9zd24m.SYS F73003C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text az9zd24m.SYS F73003C9 1 Byte [2E]
.text az9zd24m.SYS F73003C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
.text ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709
.text ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0
.text ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923
---- User code sections - GMER 1.0.15 ----
.text I:\WINDOWS\System32\alg.exe[260] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209A37DD I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 007C15F1 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 007C15A0 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 007C1534 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 007C1693 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 007C15D6 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 007C9A00 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 007C160C I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 007C15BB I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007C104C I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 007C1627 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 007C156A I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 007C107C I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 007C9A80 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007C1000 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 007C165D I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C11EF I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C13D5 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 007C1183 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C1168 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C1132 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C10E1 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C10C6 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007C10FC I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 007C114D I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 007C1384 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 007C139F I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007C120A I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 007C1318 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007C12AC I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 007C119E I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 007C1276 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007C1225 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007C1240 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 007C1333 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 007C134E I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 007C12E2 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007C1291 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 007C12FD I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209A37DD I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 007C12C7 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 007C125B I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007C13BA I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 007C1117 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 20A93D71 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20A93BA8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 007C14AD I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20A93CD3 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20A93E15 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20A93C29 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20A93F07 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 007C1492 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 20A9409B I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20A93FCE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 007C1441 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 007C1426 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 007C13F0 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 007C140B I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 007C145C I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 007C1477 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
Logy z Gmeru:
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit quick scan 2009-12-14 21:30:01
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: I:\DOCUME~1\Darkness\LOCALS~1\Temp\ugtdypog.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- System - GMER 1.0.15 ----
SSDT sprn.sys ZwEnumerateKey [0xF772CCA2]
SSDT sprn.sys ZwEnumerateValueKey [0xF772D030]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 867DA1F8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- EOF - GMER 1.0.15 ----
Tento log musím rozdeliť na viac tém, lebo do jednej sa nezmestí
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 22:17:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: I:\DOCUME~1\Darkness\LOCALS~1\Temp\ugtdypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xBAF10630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xBAF09D80]
SSDT F7E8C896 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xBAF10E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xBAF27D30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xBAF28150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xBAF32240]
SSDT F7E8C88C ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xBAF10FB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xBAF0AC60]
SSDT F7E8C89B ZwDeleteKey
SSDT F7E8C8A5 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xBAF26E70]
SSDT sprn.sys ZwEnumerateKey [0xF772CCA2]
SSDT sprn.sys ZwEnumerateValueKey [0xF772D030]
SSDT F7E8C8AA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xBAF302B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xBAF0A750]
SSDT sprn.sys ZwOpenKey [0xF770E0C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xBAF2A450]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xBAF2A020]
SSDT sprn.sys ZwQueryKey [0xF772D108]
SSDT sprn.sys ZwQueryValueKey [0xF772CF88]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xBAF31430]
SSDT F7E8C8B4 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xBAF10180]
SSDT F7E8C8AF ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xBAF10910]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xBAF0B080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xBAF318E0]
SSDT F7E8C8A0 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xBAF28D20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xBAF28A50]
INT 0x62 ? 867DBBF8
INT 0x73 ? 86607BF8
INT 0x73 ? 86607BF8
INT 0x73 ? 86607BF8
INT 0x73 ? 86607BF8
INT 0x73 ? 86607BF8
INT 0x82 ? 867DBBF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [40, 0E, F1, BA, 30, 7D, F2, ...]
.text ntoskrnl.exe!_abnormal_termination + 1D4 804E2830 8 Bytes CALL 7350D92C
? sprn.sys Systém nemôže nájsť zadaný súbor. !
.text USBPORT.SYS!DllUnload F74388AC 5 Bytes JMP 866071D8
.text az9zd24m.SYS F7300386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text az9zd24m.SYS F73003AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az9zd24m.SYS F73003C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text az9zd24m.SYS F73003C9 1 Byte [2E]
.text az9zd24m.SYS F73003C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
.text ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709
.text ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0
.text ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923
---- User code sections - GMER 1.0.15 ----
.text I:\WINDOWS\System32\alg.exe[260] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[260] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209A37DD I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[396] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\rundll32.exe[436] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[504] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 007C15F1 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 007C15A0 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 007C1534 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 007C1693 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 007C15D6 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 007C9A00 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 007C160C I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 007C15BB I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007C104C I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 007C1627 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 007C156A I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 007C107C I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 007C9A80 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007C1000 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 007C165D I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C11EF I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C13D5 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 007C1183 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C1168 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C1132 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C10E1 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C10C6 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007C10FC I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 007C114D I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 007C1384 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 007C139F I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007C120A I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 007C1318 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007C12AC I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 007C119E I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 007C1276 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007C1225 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007C1240 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 007C1333 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 007C134E I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 007C12E2 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007C1291 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 007C12FD I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209A37DD I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 007C12C7 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 007C125B I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007C13BA I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 007C1117 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 20A93D71 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 20A93BA8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 007C14AD I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!send 71AB4C27 5 Bytes JMP 20A93CD3 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20A93E15 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20A93C29 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 20A93F07 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 007C1492 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSASendDisconnect 71AC0A22 5 Bytes JMP 20A9409B I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 20A93FCE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 007C1441 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 007C1426 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 007C13F0 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 007C140B I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WININET.dll!InternetConnectA 771C3452 5 Bytes JMP 007C145C I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\Program Files\Mozilla Firefox\firefox.exe[644] WININET.dll!InternetConnectW 771CEE00 5 Bytes JMP 007C1477 I:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text I:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[676] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[720] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
-
Darkness
- Návštěvník
- Příspěvky: 67
- Registrován: 13 bře 2008 07:17
- Bydliště: Tramtária
- Kontaktovat uživatele:
Re: Problém s vypínaním PC
.text I:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1292] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1292] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[732] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[896] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[956] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[996] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1068] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[1084] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1204] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1292] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1292] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1356] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[1592] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1760] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[1784] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2128] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2140] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2188] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
-
Darkness
- Návštěvník
- Příspěvky: 67
- Registrován: 13 bře 2008 07:17
- Bydliště: Tramtária
- Kontaktovat uživatele:
Re: Problém s vypínaním PC
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] advapi32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] advapi32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] advapi32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] advapi32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8676F5E0
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F773FC4C] sprn.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F773FCA0] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F770F040] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F770F13C] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F770F0BE] sprn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F770F7FC] sprn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F770F6D2] sprn.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 866072D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F771F048] sprn.sys
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!swprintf] C1815753
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeSetEvent] 00002590
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeCancelTimer] 43881855
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!sprintf] 7E8D503F
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] B9E85728
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ZwClose] E0835200
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoStartTimer] 06468A00
IAT \SystemRoot\System32\Drivers
\az9zd24m.SYS[ntoskrnl.exe!KeInitializeTimer]
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] advapi32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[3076] advapi32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\ZoneLabs\vsmon.exe[3084] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Phone\Skype.exe[3748] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] advapi32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] advapi32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8676F5E0
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F773FC4C] sprn.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F773FCA0] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F770F040] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F770F13C] sprn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F770F0BE] sprn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F770F7FC] sprn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F770F6D2] sprn.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 866072D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F771F048] sprn.sys
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!swprintf] C1815753
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeSetEvent] 00002590
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeCancelTimer] 43881855
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!sprintf] 7E8D503F
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] B9E85728
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ZwClose] E0835200
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoStartTimer] 06468A00
IAT \SystemRoot\System32\Drivers
\az9zd24m.SYS[ntoskrnl.exe!KeInitializeTimer]
-
Darkness
- Návštěvník
- Příspěvky: 67
- Registrován: 13 bře 2008 07:17
- Bydliště: Tramtária
- Kontaktovat uživatele:
Re: Problém s vypínaním PC
8306E8C0IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoInitializeTimer] 023C18C4
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ZwCreateKey] 52500000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeSetTimer] E85350F8
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!_allmul] FFFFF848
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!_except_handler3] BE7875C0
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!PoSetPowerState] 00000008
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!_aulldiv] 838D0000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!strstr] 00001A8C
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!_strupr] E850006A
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeTickCount] 808B8D00
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!memmove] 83FFFF68
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [BAF37480] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [BAF0BDB0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [BAF0C170] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [BAF0B7B0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [BAF0BF40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 1.0.15 ----
IAT I:\WINDOWS\System32\alg.exe[260] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\Explorer.EXE[396] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\rundll32.exe[436] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Downloadz\gmer\gmer.exe[504] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Mozilla Firefox\firefox.exe[644] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\winlogon.exe[676] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\services.exe[720] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\lsass.exe[732] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[896] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[956] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\System32\svchost.exe[996] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[1068] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\LVCOMSX.EXE[1084] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[1204] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\spoolsv.exe[1356] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Java\jre6\bin\jqs.exe[1592] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[1760] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\wdfmgr.exe[1784] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Java\jre6\bin\jusched.exe[2128] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\optmouse.exe[2188] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\totalcmd\TOTALCMD.EXE[3076] @ I:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Skype\Phone\Skype.exe[3748] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] @ I:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 867DA1F8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBPDO-0 865581F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8676D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8676D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8676D1F8
Device \Driver\usbuhci \Device\USBPDO-1 865581F8
Device \Driver\usbuhci \Device\USBPDO-2 865581F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6F379B66-88CA-4ACE-A8C6-7D6C3D6A4DA7} 863D7500
Device \Driver\usbehci \Device\USBPDO-3 865F81F8
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Ftdisk \Device\HarddiskVolume1 867DC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867DC1F8
Device \Driver\Cdrom \Device\CdRom0 865D91F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 867DC1F8
Device \Driver\Cdrom \Device\CdRom1 865D91F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7662B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7662B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7662B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7662B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F7662B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{BD9D6989-4E04-4DC9-96D6-BF7F319C66D9} 863D7500
Device \Driver\Ftdisk \Device\HarddiskVolume4 867DC1F8
Device \Driver\Cdrom \Device\CdRom2 865D91F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 867DC1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 863D7500
Device \Driver\PCI_PNP8650 \Device\0000004a sprn.sys
Device \Driver\NetBT \Device\NetbiosSmb 863D7500
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\sptd \Device\1939653650 sprn.sys
Device \Driver\usbuhci \Device\USBFDO-0 865581F8
Device \Driver\usbuhci \Device\USBFDO-1 865581F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8665E500
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBFDO-2 865581F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8665E500
Device \Driver\usbehci \Device\USBFDO-3 865F81F8
Device \Driver\Ftdisk \Device\FtControl 867DC1F8
Device \Driver\az9zd24m \Device\Scsi\az9zd24m1 865BF1F8
Device \Driver\az9zd24m \Device\Scsi\az9zd24m1Port2Path0Target0Lun0 865BF1F8
Device \FileSystem\Cdfs \Cdfs 864C7378
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x59 0xCD 0x81 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB9 0x49 0xDA 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x92 0xCE 0x13 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0x14 0x81 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB9 0x49 0xDA 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x18 0xA8 0x36 0x12 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x59 0xCD 0x81 0xD5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB9 0x49 0xDA 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x92 0xCE 0x13 0xF7 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- EOF - GMER 1.0.15 ----
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ZwCreateKey] 52500000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeSetTimer] E85350F8
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!_allmul] FFFFF848
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!_except_handler3] BE7875C0
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!PoSetPowerState] 00000008
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!_aulldiv] 838D0000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!strstr] 00001A8C
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!_strupr] E850006A
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!KeTickCount] 808B8D00
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!memmove] 83FFFF68
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\az9zd24m.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [BAF37480] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BAF16080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BAF143D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BAF167C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BAF15E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [BAF0BDB0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [BAF0C170] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [BAF0B7B0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [BAF0BF40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 1.0.15 ----
IAT I:\WINDOWS\System32\alg.exe[260] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[272] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\Explorer.EXE[396] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\rundll32.exe[436] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Downloadz\gmer\gmer.exe[504] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Mozilla Firefox\firefox.exe[644] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\winlogon.exe[676] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\services.exe[720] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\lsass.exe[732] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[896] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[904] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[956] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\System32\svchost.exe[996] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[1068] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\LVCOMSX.EXE[1084] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[1204] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\spoolsv.exe[1356] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Java\jre6\bin\jqs.exe[1592] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[1612] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\CDBurnerXP\NMSAccessU.exe[1652] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1740] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[1760] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\wdfmgr.exe[1784] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[1828] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[1876] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2052] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2072] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Java\jre6\bin\jusched.exe[2128] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\optmouse.exe[2188] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\AnVir Task Manager Free\AnVir.exe[2236] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Rainlendar2\Rainlendar2.exe[2248] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2288] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2320] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2640] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2712] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2744] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2780] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2832] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\totalcmd\TOTALCMD.EXE[3076] @ I:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Miranda pack by sssugi 2.2.1\miranda32.exe[3564] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Skype\Phone\Skype.exe[3748] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Skype\Plugin Manager\skypePM.exe[4028] @ I:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 867DA1F8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBPDO-0 865581F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8676D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8676D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8676D1F8
Device \Driver\usbuhci \Device\USBPDO-1 865581F8
Device \Driver\usbuhci \Device\USBPDO-2 865581F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6F379B66-88CA-4ACE-A8C6-7D6C3D6A4DA7} 863D7500
Device \Driver\usbehci \Device\USBPDO-3 865F81F8
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Ftdisk \Device\HarddiskVolume1 867DC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867DC1F8
Device \Driver\Cdrom \Device\CdRom0 865D91F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 867DC1F8
Device \Driver\Cdrom \Device\CdRom1 865D91F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7662B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7662B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7662B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7662B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F7662B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{BD9D6989-4E04-4DC9-96D6-BF7F319C66D9} 863D7500
Device \Driver\Ftdisk \Device\HarddiskVolume4 867DC1F8
Device \Driver\Cdrom \Device\CdRom2 865D91F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 867DC1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 863D7500
Device \Driver\PCI_PNP8650 \Device\0000004a sprn.sys
Device \Driver\NetBT \Device\NetbiosSmb 863D7500
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\sptd \Device\1939653650 sprn.sys
Device \Driver\usbuhci \Device\USBFDO-0 865581F8
Device \Driver\usbuhci \Device\USBFDO-1 865581F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8665E500
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBFDO-2 865581F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8665E500
Device \Driver\usbehci \Device\USBFDO-3 865F81F8
Device \Driver\Ftdisk \Device\FtControl 867DC1F8
Device \Driver\az9zd24m \Device\Scsi\az9zd24m1 865BF1F8
Device \Driver\az9zd24m \Device\Scsi\az9zd24m1Port2Path0Target0Lun0 865BF1F8
Device \FileSystem\Cdfs \Cdfs 864C7378
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x59 0xCD 0x81 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB9 0x49 0xDA 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x92 0xCE 0x13 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0x14 0x81 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB9 0x49 0xDA 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x18 0xA8 0x36 0x12 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x59 0xCD 0x81 0xD5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB9 0x49 0xDA 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x92 0xCE 0x13 0xF7 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- EOF - GMER 1.0.15 ----
Re: Problém s vypínaním PC
Já tam vidím ještě zbytky od comoda, odinstaloval jste ho řádně?
:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript
-klikněte na červené tlačítko Moveit!
-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem
Z mého podpisu stahněte Ccleaner
-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy udělat zálohu registrů - nemusíte
-kliknete opravit všechny problémy ok zavřít
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript
Kód: Vybrat vše
:processes
explorer.exe
:files
I:\WINDOWS\system32\*.tmp.dll /s
I:\WINDOWS\system32\SET*.tmp /s
I:\WINDOWS\*.tmp /s
I:\WINDOWS\system32\cssdll32.dll
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
:commands
[emptytemp]
[Reboot]-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem
Z mého podpisu stahněte Ccleaner-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy
udělat zálohu registrů - nemusíte-kliknete opravit všechny problémy
ok zavřítCcleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte
-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu
do okénka zkopírujte
okKód: Vybrat vše
"%userprofile%\plocha\mbr" -t
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Darkness
- Návštěvník
- Příspěvky: 67
- Registrován: 13 bře 2008 07:17
- Bydliště: Tramtária
- Kontaktovat uživatele:
Re: Problém s vypínaním PC
Nepamätám sa, žeby pri odinštalácii Comoda bol nejaký problém, myslím, že sa odisštaloval normálne.
Log z OTM:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder I:\WINDOWS\system32\*.tmp.dll not found.
File/Folder I:\WINDOWS\system32\SET*.tmp not found.
I:\WINDOWS\Internet Logs\xDB4C.tmp moved successfully.
I:\WINDOWS\system32\CatRoot\TMP5.tmp moved successfully.
File move failed. I:\WINDOWS\Temp\ZLT033e3.TMP scheduled to be moved on reboot.
I:\WINDOWS\Temp\ZLT07be5.TMP moved successfully.
I:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
DllUnregisterServer procedure not found in I:\WINDOWS\system32\cssdll32.dll
I:\WINDOWS\system32\cssdll32.dll moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: All Users.WINDOWS
User: Darkness
->Temp folder emptied: 2834291 bytes
->Temporary Internet Files folder emptied: 119602 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 76941386 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: elgy
User: LocalService
->Temp folder emptied: 990120 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Neroon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 989880 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1062216 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 79,13 mb
OTM by OldTimer - Version 3.1.2.2 log created on 12152009_172718
Files moved on Reboot...
File I:\WINDOWS\Temp\ZLT033e3.TMP not found!
I:\Documents and Settings\Darkness\Local Settings\Temp\~DFB319.tmp moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\Cache\_CACHE_001_ moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\Cache\_CACHE_002_ moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\Cache\_CACHE_003_ moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\Cache\_CACHE_MAP_ moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\urlclassifier3.sqlite moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot...
Alsolvoval som aj čistenie cez CCleaner a odinštaloval som Deamon Tools, SPTD som použil, Logy z Gmeru rozdelím do nových príspevkov
Nakoniec Log z MBR:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 62 !
Log z OTM:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder I:\WINDOWS\system32\*.tmp.dll not found.
File/Folder I:\WINDOWS\system32\SET*.tmp not found.
I:\WINDOWS\Internet Logs\xDB4C.tmp moved successfully.
I:\WINDOWS\system32\CatRoot\TMP5.tmp moved successfully.
File move failed. I:\WINDOWS\Temp\ZLT033e3.TMP scheduled to be moved on reboot.
I:\WINDOWS\Temp\ZLT07be5.TMP moved successfully.
I:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
DllUnregisterServer procedure not found in I:\WINDOWS\system32\cssdll32.dll
I:\WINDOWS\system32\cssdll32.dll moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: All Users.WINDOWS
User: Darkness
->Temp folder emptied: 2834291 bytes
->Temporary Internet Files folder emptied: 119602 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 76941386 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: elgy
User: LocalService
->Temp folder emptied: 990120 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Neroon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 989880 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1062216 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 79,13 mb
OTM by OldTimer - Version 3.1.2.2 log created on 12152009_172718
Files moved on Reboot...
File I:\WINDOWS\Temp\ZLT033e3.TMP not found!
I:\Documents and Settings\Darkness\Local Settings\Temp\~DFB319.tmp moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\Cache\_CACHE_001_ moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\Cache\_CACHE_002_ moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\Cache\_CACHE_003_ moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\Cache\_CACHE_MAP_ moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\urlclassifier3.sqlite moved successfully.
I:\Documents and Settings\Darkness\Local Settings\Application Data\Mozilla\Firefox\Profiles\rc0h7faf.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot...
Alsolvoval som aj čistenie cez CCleaner a odinštaloval som Deamon Tools, SPTD som použil, Logy z Gmeru rozdelím do nových príspevkov
Nakoniec Log z MBR:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 62 !
-
Darkness
- Návštěvník
- Příspěvky: 67
- Registrován: 13 bře 2008 07:17
- Bydliště: Tramtária
- Kontaktovat uživatele:
Re: Problém s vypínaním PC
Prvý log:
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit quick scan 2009-12-15 18:40:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: I:\DOCUME~1\Darkness\LOCALS~1\Temp\ugtdypog.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- EOF - GMER 1.0.15 ----
Druhý:
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-15 19:18:17
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: I:\DOCUME~1\Darkness\LOCALS~1\Temp\ugtdypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB6EF0630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB6EE9D80]
SSDT F7F5D6E6 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB6EF0E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB6F07D30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB6F08150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB6F12240]
SSDT F7F5D6DC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB6EF0FB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB6EEAC60]
SSDT F7F5D6EB ZwDeleteKey
SSDT F7F5D6F5 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB6F06E70]
SSDT F7F5D6FA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB6F102B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB6EEA750]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB6F0A450]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB6F0A020]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB6F11430]
SSDT F7F5D704 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB6EF0180]
SSDT F7F5D6FF ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB6EF0910]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB6EEB080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB6F118E0]
SSDT F7F5D6F0 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB6F08D20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB6F08A50]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [40, 0E, EF, B6, 30, 7D, F0, ...]
---- User code sections - GMER 1.0.15 ----
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1616] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1616] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209A37DD I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit quick scan 2009-12-15 18:40:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: I:\DOCUME~1\Darkness\LOCALS~1\Temp\ugtdypog.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- EOF - GMER 1.0.15 ----
Druhý:
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-15 19:18:17
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: I:\DOCUME~1\Darkness\LOCALS~1\Temp\ugtdypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB6EF0630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB6EE9D80]
SSDT F7F5D6E6 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB6EF0E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB6F07D30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB6F08150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB6F12240]
SSDT F7F5D6DC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB6EF0FB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB6EEAC60]
SSDT F7F5D6EB ZwDeleteKey
SSDT F7F5D6F5 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB6F06E70]
SSDT F7F5D6FA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB6F102B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB6EEA750]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB6F0A450]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB6F0A020]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB6F11430]
SSDT F7F5D704 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB6EF0180]
SSDT F7F5D6FF ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB6EF0910]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB6EEB080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB6F118E0]
SSDT F7F5D6F0 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB6F08D20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB6F08A50]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [40, 0E, EF, B6, 30, 7D, F0, ...]
---- User code sections - GMER 1.0.15 ----
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jqs.exe[164] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[440] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\wdfmgr.exe[512] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\winlogon.exe[656] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\services.exe[700] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\lsass.exe[712] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[876] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[936] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\svchost.exe[976] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1056] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\svchost.exe[1188] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\Explorer.EXE[1416] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1616] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1616] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209A37DD I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20C291E8 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\System32\alg.exe[1864] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Downloadz\gmer\gmer.exe[2224] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\LVCOMSX.EXE[2236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
-
Darkness
- Návštěvník
- Příspěvky: 67
- Registrován: 13 bře 2008 07:17
- Bydliště: Tramtária
- Kontaktovat uživatele:
Re: Problém s vypínaním PC
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] advapi32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] advapi32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Java\jre6\bin\jusched.exe[2476] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2516] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\WINDOWS\system32\optmouse.exe[2584] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] ADVAPI32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C28709 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C28CD0 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C28923 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C283E4 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20C28207 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20C281D2 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] advapi32.dll!ImpersonateNamedPipeClient 77DD7416 5 Bytes JMP 20C28DD5 I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text I:\totalcmd\TOTALCMD.EXE[4052] advapi32.dll!SetThreadToken 77DDF183 5 Bytes JMP 20C28FAE I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
-
Darkness
- Návštěvník
- Příspěvky: 67
- Registrován: 13 bře 2008 07:17
- Bydliště: Tramtária
- Kontaktovat uživatele:
Re: Problém s vypínaním PC
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B6F17480] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B6EEBDB0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B6EEC170] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B6EEB7B0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B6EEBF40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 1.0.15 ----
IAT J:\Program Files\Java\jre6\bin\jqs.exe[164] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[440] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\wdfmgr.exe[512] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\winlogon.exe[656] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\services.exe[700] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\lsass.exe[712] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[876] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[936] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\System32\svchost.exe[976] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[1056] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[1188] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\Explorer.EXE[1416] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\spoolsv.exe[1668] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\System32\alg.exe[1864] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Downloadz\gmer\gmer.exe[2224] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\LVCOMSX.EXE[2236] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Java\jre6\bin\jusched.exe[2476] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\optmouse.exe[2584] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\totalcmd\TOTALCMD.EXE[4052] @ I:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0x76 0x6C 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0x14 0x81 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB9 0x49 0xDA 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x18 0xA8 0x36 0x12 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0x76 0x6C 0xE2 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- EOF - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B6F17480] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B6EF6080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B6EF43D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B6EF67C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B6EF5E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B6EEBDB0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B6EEC170] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B6EEB7B0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B6EEBF40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 1.0.15 ----
IAT J:\Program Files\Java\jre6\bin\jqs.exe[164] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT i:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[192] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\CDBurnerXP\NMSAccessU.exe[224] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[404] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[440] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\wdfmgr.exe[512] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\winlogon.exe[656] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\services.exe[700] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\lsass.exe[712] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[876] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[936] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\System32\svchost.exe[976] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[1056] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\svchost.exe[1188] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\Explorer.EXE[1416] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\spoolsv.exe[1668] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\CheckPoint\ZAForceField\ForceField.exe[1720] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\System32\alg.exe[1864] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Avira\AntiVir Desktop\avguard.exe[2008] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Downloadz\gmer\gmer.exe[2224] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\LVCOMSX.EXE[2236] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Analog Devices\SoundMAX\SMTray.exe[2260] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2300] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe[2340] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2400] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2420] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Java\jre6\bin\jusched.exe[2476] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\WINDOWS\system32\optmouse.exe[2584] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\AnVir Task Manager Free\AnVir.exe[2604] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Rainlendar2\Rainlendar2.exe[2612] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT J:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2636] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2816] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3236] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3296] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3372] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3400] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3452] @ I:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT I:\totalcmd\TOTALCMD.EXE[4052] @ I:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] I:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0x76 0x6C 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 I:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0x14 0x81 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB9 0x49 0xDA 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x18 0xA8 0x36 0x12 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4A 0x76 0x6C 0xE2 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- EOF - GMER 1.0.15 ----
Re: Problém s vypínaním PC
Změnilo se něco?
Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179
-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky
Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Darkness
- Návštěvník
- Příspěvky: 67
- Registrován: 13 bře 2008 07:17
- Bydliště: Tramtária
- Kontaktovat uživatele:
Re: Problém s vypínaním PC
Takže s tým reštartom sa nezmenilo nič, stále to tak dlho trvá, AVP skenuje straaaašne dlho, tu sú výsledky:
Autoscan: completed 19 minutes ago (events: 6, objects: 397747, time: 04:53:37)
18. 12. 2009 8:55:58 Task started
18. 12. 2009 12:01:53 Detected: Trojan-GameThief.Win32.OnLineGames.vwdp C:\Soft\Visual styles\Windows_Se7en_Theme_1.1\Windows_Se7en_Theme_1.1.exe/file2594
18. 12. 2009 12:02:54 Deleted: Trojan-GameThief.Win32.OnLineGames.vwdp C:\Soft\Visual styles\Windows_Se7en_Theme_1.1\Windows_Se7en_Theme_1.1.exe
18. 12. 2009 12:04:36 Detected: Trojan-GameThief.Win32.OnLineGames.vwdp C:\System Volume Information\_restore{8CF1B957-3722-4FED-B56D-DA5887ABA1EE}\RP88\A0009605.exe/file2594
18. 12. 2009 12:05:17 Deleted: Trojan-GameThief.Win32.OnLineGames.vwdp C:\System Volume Information\_restore{8CF1B957-3722-4FED-B56D-DA5887ABA1EE}\RP88\A0009605.exe
18. 12. 2009 13:49:35 Task completed
Autoscan: completed 19 minutes ago (events: 6, objects: 397747, time: 04:53:37)
18. 12. 2009 8:55:58 Task started
18. 12. 2009 12:01:53 Detected: Trojan-GameThief.Win32.OnLineGames.vwdp C:\Soft\Visual styles\Windows_Se7en_Theme_1.1\Windows_Se7en_Theme_1.1.exe/file2594
18. 12. 2009 12:02:54 Deleted: Trojan-GameThief.Win32.OnLineGames.vwdp C:\Soft\Visual styles\Windows_Se7en_Theme_1.1\Windows_Se7en_Theme_1.1.exe
18. 12. 2009 12:04:36 Detected: Trojan-GameThief.Win32.OnLineGames.vwdp C:\System Volume Information\_restore{8CF1B957-3722-4FED-B56D-DA5887ABA1EE}\RP88\A0009605.exe/file2594
18. 12. 2009 12:05:17 Deleted: Trojan-GameThief.Win32.OnLineGames.vwdp C:\System Volume Information\_restore{8CF1B957-3722-4FED-B56D-DA5887ABA1EE}\RP88\A0009605.exe
18. 12. 2009 13:49:35 Task completed
Přispějete na provoz fóra?