pravdepodobne rootkit v notebooku

Zpráva

morlock · #16 Příspěvek od **morlock** » 04 zář 2010 16:57

pokracuje log z gmeru

.text C:\Windows\system32\svchost.exe[116] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[116] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[116] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[116] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[116] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[116] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[116] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[116] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[116] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[564] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[564] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[564] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[564] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[564] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[564] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[564] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[640] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[640] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[640] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[640] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[640] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[640] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[640] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[656] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[656] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[656] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[656] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[656] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[656] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[656] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[656] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[664] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[664] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[664] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[664] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[664] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[664] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[664] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[664] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[664] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[728] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[728] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[728] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[728] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[728] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[728] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[728] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[728] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[728] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[816] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[816] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[816] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[816] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[816] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[816] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[816] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[816] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[816] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[892] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[892] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[892] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[892] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[892] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[892] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[892] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[892] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[892] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[904] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[904] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[904] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[904] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[904] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[904] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1108] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1108] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1124] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1264] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[1316] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[1316] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[1316] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[1316] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[1316] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[1316] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[1316] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[1316] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[1316] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\FsUsbExService.Exe[1352] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\FsUsbExService.Exe[1352] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\FsUsbExService.Exe[1352] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\FsUsbExService.Exe[1352] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\FsUsbExService.Exe[1352] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\FsUsbExService.Exe[1352] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\FsUsbExService.Exe[1352] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\FsUsbExService.Exe[1352] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\FsUsbExService.Exe[1352] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1396] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apntex.exe[1548] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apntex.exe[1548] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apntex.exe[1548] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apntex.exe[1548] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apntex.exe[1548] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apntex.exe[1548] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apntex.exe[1548] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apntex.exe[1548] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apntex.exe[1548] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1580] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1580] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1580] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1580] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1580] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1580] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1580] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1580] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1580] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

morlock · #17 Příspěvek od **morlock** » 04 zář 2010 16:58

.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1732] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1732] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1732] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1732] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1732] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1732] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1732] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1732] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1732] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1752] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1752] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1752] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1752] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1752] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1752] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1752] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1752] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1752] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1764] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1764] USER32.dll!IsWindowUnicode + 37 765990B5 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[1808] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[1808] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[1808] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[1808] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[1808] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[1808] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[1808] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[1808] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[1808] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2068] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2068] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2068] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2068] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2068] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2068] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2068] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2068] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2068] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2120] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2120] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2120] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2120] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2120] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2120] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2120] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2120] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2120] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2164] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2164] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2164] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2164] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2164] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2164] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2164] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2164] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2164] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[2248] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[2248] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[2248] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[2248] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[2248] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[2248] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[2248] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[2248] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[2248] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2272] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2272] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2272] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2272] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2272] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2272] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2272] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2272] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2272] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2280] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2280] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2280] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2280] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2280] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2280] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2280] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2280] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[2280] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2360] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2360] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2360] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2360] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2360] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2360] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2360] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2360] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[2360] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[2492] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[2492] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[2492] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[2492] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[2492] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[2492] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[2492] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[2492] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[2492] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2564] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2564] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2564] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2564] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2564] kernel32.dll!SetUnhandledExceptionFilter 76A0A84F 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2564] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2564] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2564] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2564] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[2564] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2664] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2664] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2664] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2664] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2664] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2664] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2664] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2664] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\WUDFHost.exe[2664] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Kerry Dunne\Desktop\gmer.exe[2824] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Kerry Dunne\Desktop\gmer.exe[2824] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Kerry Dunne\Desktop\gmer.exe[2824] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Kerry Dunne\Desktop\gmer.exe[2824] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Kerry Dunne\Desktop\gmer.exe[2824] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Kerry Dunne\Desktop\gmer.exe[2824] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Kerry Dunne\Desktop\gmer.exe[2824] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Kerry Dunne\Desktop\gmer.exe[2824] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\Kerry Dunne\Desktop\gmer.exe[2824] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe[2908] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe[2908] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe[2908] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe[2908] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe[2908] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe[2908] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe[2908] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe[2908] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe[2908] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2996] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2996] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2996] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2996] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2996] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2996] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2996] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2996] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2996] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3008] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3008] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3008] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3008] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3008] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

morlock · #18 Příspěvek od **morlock** » 04 zář 2010 16:59

.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3008] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxpers.exe[3008] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3152] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3152] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3152] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3152] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3152] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3152] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3152] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3152] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\unsecapp.exe[3152] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3192] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3192] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3192] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3192] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3192] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3192] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3192] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3192] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3192] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3200] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3200] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3200] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3200] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3200] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3200] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3200] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3200] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxsrvc.exe[3200] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[3308] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[3308] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[3308] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[3308] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[3308] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[3308] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[3308] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[3308] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\igfxext.exe[3308] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\mobsync.exe[3684] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\mobsync.exe[3684] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\mobsync.exe[3684] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\mobsync.exe[3684] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\mobsync.exe[3684] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\mobsync.exe[3684] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\mobsync.exe[3684] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\mobsync.exe[3684] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\mobsync.exe[3684] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3700] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3700] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3700] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3700] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3700] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3700] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3700] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3700] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3700] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[3776] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[3776] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[3776] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[3776] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[3776] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[3776] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[3776] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[3776] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchProtocolHost.exe[3776] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[3804] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[3804] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[3804] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[3804] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[3804] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[3804] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[3804] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[3804] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\SearchFilterHost.exe[3804] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\LManager.exe[3832] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\LManager.exe[3832] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\LManager.exe[3832] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\LManager.exe[3832] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\LManager.exe[3832] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\LManager.exe[3832] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\LManager.exe[3832] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\LManager.exe[3832] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\LManager.exe[3832] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3848] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3848] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3848] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3848] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3848] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3848] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3848] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3848] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\igfxtray.exe[3848] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3856] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3856] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3856] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3856] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3856] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3856] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3856] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3856] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\hkcmd.exe[3856] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3864] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

morlock · #19 Příspěvek od **morlock** » 04 zář 2010 17:00

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3864] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3864] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3864] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3864] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3864] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3864] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3864] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3864] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apoint.exe[3872] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apoint.exe[3872] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apoint.exe[3872] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apoint.exe[3872] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apoint.exe[3872] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apoint.exe[3872] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apoint.exe[3872] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apoint.exe[3872] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Apoint2K\Apoint.exe[3872] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[3880] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[3880] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[3880] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[3880] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[3880] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[3880] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[3880] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[3880] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[3880] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3896] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3896] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3896] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3896] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3896] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3896] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3896] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3896] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3896] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3916] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3916] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3916] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3916] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3916] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3916] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3916] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3916] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3916] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ntdll.dll!NtAccessCheckByType 76FC4044 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ntdll.dll!NtAlpcImpersonateClientOfPort 76FC4214 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ntdll.dll!NtImpersonateClientOfPort 76FC49E4 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ntdll.dll!NtSetInformationProcess 76FC5324 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] kernel32.dll!OpenProcess 76A27267 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ADVAPI32.dll!ImpersonateNamedPipeClient 764D3A48 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ADVAPI32.dll!SetThreadToken 764E8E21 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] USER32.dll!FindWindowA 76599D76 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] USER32.dll!FindWindowW 765AA441 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\svchost.exe[116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\wininit.exe[564] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\services.exe[640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\lsass.exe[656] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\lsm.exe[664] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[816] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1264] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[1316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\FsUsbExService.Exe[1352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1396] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Apoint2K\Apntex.exe[1548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1580] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1752] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Apoint2K\ApMsgFwd.exe[1808] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\spoolsv.exe[1980] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2068] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2120] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2164] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\igfxext.exe[2248] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[2272] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\taskeng.exe[2280] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\SearchIndexer.exe[2360] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\igfxsrvc.exe[2492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FD7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7402A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FDBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FCF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FD75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FCE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74008395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FDDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FCFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FCFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FC71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7405CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FFC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FCD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FC6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FC687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FD2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\WUDFHost.exe[2664] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Users\Kerry Dunne\Desktop\gmer.exe[2824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe[2908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\igfxpers.exe[3008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\wbem\unsecapp.exe[3152] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\taskeng.exe[3192] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\igfxsrvc.exe[3200] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\igfxext.exe[3308] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\mobsync.exe[3684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\wbem\wmiprvse.exe[3700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Launch Manager\LManager.exe[3832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\igfxtray.exe[3848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\hkcmd.exe[3856] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Apoint2K\Apoint.exe[3872] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[3880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#20 Příspěvek od **vyosek** » 04 zář 2010 18:42

Logy z gmeru jsou OK, ale mbr je treba napravit

Kliknete na mbr pravym mysidlem - dejte Vlastnoti - zalozka Kompatibilita - zaskrtnete "Spustit jako spravce"

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\Desktop\mbr" -t
```
Kliknete na OK
Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

morlock · #21 Příspěvek od **morlock** » 04 zář 2010 18:57

ok tady to je

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
kernel: MBR read successfully
user & kernel MBR OK

#22 Příspěvek od **vyosek** » 04 zář 2010 19:21

log je tez OK, jak se chova PC

morlock · #23 Příspěvek od **morlock** » 04 zář 2010 19:36

Pocitac se chova v poho

, internet uz funguje, jedina vec - obcas to vyhodi hlasku ze windows zablokovaly nejake programy pri startupu - zrejme se jedna o ten programek Malwarebyte's ...
Moc diky za pomoc

, to bylo asi poprve v zivote kdy me odstranovani viru bavilo

, docela vazne uvazuju ze bych se prihlasil do ty vasi sekce pro novacky a trochu tudle problematiku prostudoval

#24 Příspěvek od **vyosek** » 05 zář 2010 05:35

Takze jdeme uklizet, pripadne sem hodte screen te hlasky (navod zde http://www.viry.cz/forum/viewtopic.php?f=15&t=14114 ). Ne vzdy musi odstranovani koncit formatem, to je az nejzazsi a posledni moznost, hlavne u virutu, jinak jde vetsina odstranit...Nez pujdete do skoly pro N je treba mit rank vzorny navstevnik (vice zde http://www.viry.cz/forum/viewtopic.php?t=43122 a obrazkovy navod tady http://www.james008.net/web/pluginy/vir ... ycz/VN.jpg )

MBAM muzete odinstalovat nebo nechat na obcasny sken - v pripade nalezu velmi doporucuji dat sem log na posouzeni, at si neodstrelite neco legitimniho

Znovu spusťte Usbfix a zvolte možnost Uninstall.

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Vlozte novy log ze RSITu

morlock · #25 Příspěvek od **morlock** » 05 zář 2010 15:45

Snad jsem vse zvladl dle navodu

- tady je vypis z RSITu

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kerry Dunne at 2010-09-05 15:38:00
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 105 GB (74%) free of 142 GB
Total RAM: 3001 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:38:14, on 05/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\KERRYD~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Users\Kerry Dunne\AppData\Local\Google\Update\GoogleUpdate.exe
E:\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Kerry Dunne.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7977 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"WarReg_PopUp"=C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [2008-11-04 57344]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-11 6724128]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-11-05 154136]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2009-02-12 862728]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-11-05 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-11-05 178712]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-07-21 159744]
"Acer ePower Management"=C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [2009-04-03 698912]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtamon]
C:\Program Files\Dell V305\dldtamon.exe [2008-06-24 16624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtmon.exe]
C:\Program Files\Dell V305\dldtmon.exe [2008-06-24 668912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-10-28 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-09-05 15:38:00 ----D---- C:\rsit
2010-09-05 15:29:44 ----D---- C:\Program Files\CCleaner
2010-09-04 03:20:15 ----D---- C:\Program Files\Windows Portable Devices
2010-09-04 03:04:08 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-09-04 03:04:08 ----A---- C:\Windows\system32\UIAnimation.dll
2010-09-04 03:04:07 ----A---- C:\Windows\system32\UIRibbon.dll
2010-09-04 03:03:42 ----A---- C:\Windows\system32\WMPhoto.dll
2010-09-04 03:03:42 ----A---- C:\Windows\system32\cdd.dll
2010-09-04 03:03:41 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-09-04 03:03:41 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-09-04 03:03:41 ----A---- C:\Windows\system32\d3d10warp.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\xpsservices.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\XpsPrint.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-09-04 03:03:40 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\OpcServices.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\FntCache.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\dxdiagn.dll
2010-09-04 03:03:40 ----A---- C:\Windows\system32\dxdiag.exe
2010-09-04 03:03:40 ----A---- C:\Windows\system32\d2d1.dll
2010-09-04 03:03:39 ----A---- C:\Windows\system32\dxgi.dll
2010-09-04 03:03:39 ----A---- C:\Windows\system32\DWrite.dll
2010-09-04 03:03:39 ----A---- C:\Windows\system32\d3d11.dll
2010-09-04 03:03:39 ----A---- C:\Windows\system32\d3d10level9.dll
2010-09-04 03:03:39 ----A---- C:\Windows\system32\d3d10core.dll
2010-09-04 03:03:39 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-09-04 03:03:39 ----A---- C:\Windows\system32\d3d10_1.dll
2010-09-04 03:03:39 ----A---- C:\Windows\system32\d3d10.dll
2010-09-04 03:03:17 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-09-04 03:03:17 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-09-04 03:03:17 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-09-04 03:03:06 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-09-04 03:03:02 ----A---- C:\Windows\system32\WPDSp.dll
2010-09-04 03:03:02 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-09-04 03:03:02 ----A---- C:\Windows\system32\wpdshext.dll
2010-09-04 03:03:02 ----A---- C:\Windows\system32\wpd_ci.dll
2010-09-04 03:03:02 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-09-04 03:03:02 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-09-04 03:03:02 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-09-04 03:03:02 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-09-04 03:02:08 ----A---- C:\Windows\system32\oleaccrc.dll
2010-09-04 03:02:07 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-09-04 03:02:07 ----A---- C:\Windows\system32\oleacc.dll
2010-09-03 19:38:59 ----D---- C:\Users\Kerry Dunne\AppData\Roaming\Malwarebytes
2010-09-03 19:38:16 ----D---- C:\ProgramData\Malwarebytes
2010-09-03 19:04:36 ----SHD---- C:\$RECYCLE.BIN
2010-09-03 16:44:00 ----D---- C:\Users\Kerry Dunne\AppData\Roaming\CheckPoint
2010-09-03 16:43:30 ----D---- C:\Program Files\CheckPoint
2010-09-03 16:43:11 ----A---- C:\Windows\system32\vsregexp.dll
2010-09-03 16:42:56 ----A---- C:\Windows\system32\drivers\netio.sys
2010-09-03 16:42:45 ----A---- C:\Windows\system32\zlcommdb.dll
2010-09-03 16:42:45 ----A---- C:\Windows\system32\zlcomm.dll
2010-09-03 16:42:41 ----A---- C:\Windows\system32\vswmi.dll
2010-09-03 16:42:38 ----A---- C:\Windows\system32\zpeng25.dll
2010-09-03 16:42:37 ----A---- C:\Windows\system32\vsxml.dll
2010-09-03 16:42:36 ----A---- C:\Windows\system32\vspubapi.dll
2010-09-03 16:42:36 ----A---- C:\Windows\system32\vsmonapi.dll
2010-09-03 16:42:35 ----A---- C:\Windows\system32\vsdata.dll
2010-09-03 16:42:30 ----D---- C:\Windows\system32\ZoneLabs
2010-09-03 16:42:30 ----A---- C:\Windows\system32\drivers\vsdatant.sys
2010-09-03 16:42:29 ----D---- C:\Program Files\Zone Labs
2010-09-03 16:41:53 ----D---- C:\Windows\Internet Logs
2010-09-03 16:41:53 ----D---- C:\ProgramData\CheckPoint
2010-09-03 16:41:53 ----A---- C:\Windows\system32\vsinit.dll
2010-09-03 16:41:52 ----A---- C:\Windows\system32\vsutil.dll
2010-09-03 16:39:07 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-09-03 16:39:06 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-09-03 16:39:04 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-09-03 16:39:01 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-09-03 16:38:45 ----A---- C:\Windows\system32\aswBoot.exe
2010-09-03 16:19:52 ----ASH---- C:\hiberfil.sys
2010-09-03 16:16:26 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-09-03 14:55:28 ----RAD---- C:\Autorun.inf
2010-09-02 23:06:43 ----D---- C:\Program Files\trend micro
2010-09-02 23:06:24 ----D---- C:\Antivir
2010-09-02 21:41:53 ----D---- C:\Windows\system32\vi-VN
2010-09-02 21:41:53 ----D---- C:\Windows\system32\eu-ES
2010-09-02 21:41:53 ----D---- C:\Windows\system32\ca-ES
2010-09-02 07:15:36 ----D---- C:\ProgramData\Lavasoft
2010-09-02 06:35:00 ----D---- C:\Windows\system32\EventProviders
2010-09-02 03:25:33 ----D---- C:\Windows\pss
2010-09-02 02:59:10 ----D---- C:\ProgramData\Alwil Software
2010-09-02 02:59:10 ----D---- C:\Program Files\Alwil Software
2010-08-27 09:33:39 ----D---- C:\Program Files\Common Files\DESIGNER
2010-08-27 09:30:50 ----D---- C:\Program Files\Microsoft Analysis Services
2010-08-27 00:42:19 ----D---- C:\Users\Kerry Dunne\AppData\Roaming\Template
2010-08-17 02:05:37 ----D---- C:\Users\Kerry Dunne\AppData\Roaming\PC Suite
2010-08-17 02:05:37 ----D---- C:\ProgramData\PC Suite
2010-08-16 23:05:30 ----A---- C:\Windows\system32\nmwcdcls.dll
2010-08-16 23:05:25 ----D---- C:\Program Files\DIFX
2010-08-16 23:05:23 ----A---- C:\Windows\system32\drivers\pccsmcfd.sys
2010-08-16 23:05:21 ----DC---- C:\Windows\system32\DRVSTORE
2010-08-16 23:04:58 ----A---- C:\Windows\system32\drivers\ss_bwhnt.sys
2010-08-16 23:04:58 ----A---- C:\Windows\system32\drivers\ss_bwh.sys
2010-08-16 23:04:58 ----A---- C:\Windows\system32\drivers\ss_bmdm.sys
2010-08-16 23:04:58 ----A---- C:\Windows\system32\drivers\ss_bmdfl.sys
2010-08-16 23:04:58 ----A---- C:\Windows\system32\drivers\ss_bcmnt.sys
2010-08-16 23:04:58 ----A---- C:\Windows\system32\drivers\ss_bcm.sys
2010-08-16 23:04:58 ----A---- C:\Windows\system32\drivers\ss_bbus.sys
2010-08-16 23:04:29 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2010-08-16 22:54:04 ----A---- C:\Windows\system32\FsUsbExService.Exe
2010-08-16 22:54:04 ----A---- C:\Windows\system32\FsUsbExDisk.Sys
2010-08-16 22:54:04 ----A---- C:\Windows\system32\FsUsbExDevice.Dll
2010-08-16 22:53:31 ----D---- C:\Users\Kerry Dunne\AppData\Roaming\Samsung
2010-08-16 22:52:35 ----D---- C:\Program Files\MarkAny
2010-08-16 22:52:33 ----D---- C:\Program Files\PC Connectivity Solution
2010-08-16 22:51:52 ----D---- C:\Program Files\Samsung
2010-08-12 16:25:07 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2010-08-12 16:25:07 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-12 16:22:48 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 16:22:44 ----A---- C:\Windows\system32\ieapfltr.dll
2010-08-12 16:22:43 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 16:22:41 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 16:22:41 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 16:22:40 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 16:22:40 ----A---- C:\Windows\system32\mshtmled.dll
2010-08-12 16:22:40 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 16:22:40 ----A---- C:\Windows\system32\ieencode.dll
2010-08-12 16:22:11 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 16:20:21 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 16:20:16 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 16:20:11 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 16:20:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 02:43:07 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 02:43:05 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 02:43:05 ----A---- C:\Windows\system32\drivers\srv.sys

======List of files/folders modified in the last 1 months======

2010-09-05 15:38:15 ----D---- C:\Windows\Prefetch
2010-09-05 15:37:57 ----D---- C:\Windows\Temp
2010-09-05 15:36:16 ----SHD---- C:\Windows\Installer
2010-09-05 15:36:16 ----D---- C:\ProgramData\Google
2010-09-05 15:36:16 ----D---- C:\Program Files\Google
2010-09-05 15:35:35 ----D---- C:\Windows\System32
2010-09-05 15:35:35 ----D---- C:\Windows\inf
2010-09-05 15:35:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-05 15:30:56 ----D---- C:\Windows\Minidump
2010-09-05 15:30:56 ----D---- C:\Windows\Debug
2010-09-05 15:30:56 ----D---- C:\Windows
2010-09-05 15:29:44 ----RD---- C:\Program Files
2010-09-05 15:17:36 ----SHD---- C:\System Volume Information
2010-09-05 15:09:18 ----D---- C:\Windows\system32\drivers
2010-09-04 15:47:52 ----D---- C:\Windows\tracing
2010-09-04 14:32:55 ----D---- C:\Windows\PCHEALTH
2010-09-04 14:21:04 ----D---- C:\Windows\system32\Tasks
2010-09-04 03:38:07 ----D---- C:\Windows\rescache
2010-09-04 03:31:50 ----D---- C:\Windows\Microsoft.NET
2010-09-04 03:31:26 ----RSD---- C:\Windows\assembly
2010-09-04 03:20:15 ----D---- C:\Windows\system32\wbem
2010-09-04 03:20:15 ----D---- C:\Windows\system32\en-US
2010-09-04 03:20:15 ----D---- C:\Windows\system32\drivers\en-US
2010-09-04 03:20:13 ----D---- C:\Windows\system32\zh-TW
2010-09-04 03:20:13 ----D---- C:\Windows\system32\zh-HK
2010-09-04 03:20:13 ----D---- C:\Windows\system32\zh-CN
2010-09-04 03:20:13 ----D---- C:\Windows\system32\uk-UA
2010-09-04 03:20:13 ----D---- C:\Windows\system32\tr-TR
2010-09-04 03:20:13 ----D---- C:\Windows\system32\th-TH
2010-09-04 03:20:13 ----D---- C:\Windows\system32\sv-SE
2010-09-04 03:20:13 ----D---- C:\Windows\system32\sr-Latn-CS
2010-09-04 03:20:13 ----D---- C:\Windows\system32\sl-SI
2010-09-04 03:20:13 ----D---- C:\Windows\system32\sk-SK
2010-09-04 03:20:13 ----D---- C:\Windows\system32\ru-RU
2010-09-04 03:20:13 ----D---- C:\Windows\system32\ro-RO
2010-09-04 03:20:13 ----D---- C:\Windows\system32\pt-PT
2010-09-04 03:20:13 ----D---- C:\Windows\system32\pt-BR
2010-09-04 03:20:13 ----D---- C:\Windows\system32\pl-PL
2010-09-04 03:20:13 ----D---- C:\Windows\system32\nl-NL
2010-09-04 03:20:13 ----D---- C:\Windows\system32\nb-NO
2010-09-04 03:20:13 ----D---- C:\Windows\system32\lv-LV
2010-09-04 03:20:13 ----D---- C:\Windows\system32\lt-LT
2010-09-04 03:20:13 ----D---- C:\Windows\system32\ko-KR
2010-09-04 03:20:13 ----D---- C:\Windows\system32\ja-JP
2010-09-04 03:20:13 ----D---- C:\Windows\system32\it-IT
2010-09-04 03:20:13 ----D---- C:\Windows\system32\hu-HU
2010-09-04 03:20:13 ----D---- C:\Windows\system32\hr-HR
2010-09-04 03:20:13 ----D---- C:\Windows\system32\he-IL
2010-09-04 03:20:13 ----D---- C:\Windows\system32\fr-FR
2010-09-04 03:20:13 ----D---- C:\Windows\system32\fi-FI
2010-09-04 03:20:13 ----D---- C:\Windows\system32\et-EE
2010-09-04 03:20:13 ----D---- C:\Windows\system32\es-ES
2010-09-04 03:20:13 ----D---- C:\Windows\system32\el-GR
2010-09-04 03:20:13 ----D---- C:\Windows\system32\de-DE
2010-09-04 03:20:13 ----D---- C:\Windows\system32\da-DK
2010-09-04 03:20:13 ----D---- C:\Windows\system32\cs-CZ
2010-09-04 03:20:13 ----D---- C:\Windows\system32\bg-BG
2010-09-04 03:20:13 ----D---- C:\Windows\system32\ar-SA
2010-09-04 03:19:46 ----D---- C:\Windows\system32\drivers\UMDF
2010-09-04 03:04:26 ----D---- C:\Windows\winsxs
2010-09-04 03:04:16 ----D---- C:\Windows\system32\catroot
2010-09-04 03:03:57 ----D---- C:\Windows\system32\catroot2
2010-09-03 19:38:16 ----D---- C:\ProgramData
2010-09-03 19:08:41 ----D---- C:\Windows\system32\WDI
2010-09-03 19:04:38 ----A---- C:\Windows\system.ini
2010-09-03 19:04:31 ----D---- C:\Windows\system32\drivers\etc
2010-09-03 18:50:04 ----D---- C:\Users\Kerry Dunne\AppData\Roaming\Skype
2010-09-03 18:50:02 ----D---- C:\Windows\system32\config
2010-09-03 18:50:02 ----D---- C:\Boot
2010-09-03 18:49:10 ----D---- C:\Windows\Tasks
2010-09-03 18:45:46 ----D---- C:\Windows\AppPatch
2010-09-03 18:45:45 ----D---- C:\Program Files\Common Files
2010-09-03 15:57:42 ----D---- C:\ProgramData\Norton
2010-09-03 15:39:04 ----D---- C:\Windows\Logs
2010-09-02 21:42:19 ----D---- C:\Program Files\Windows Sidebar
2010-09-02 21:42:19 ----D---- C:\Program Files\Windows Photo Gallery
2010-09-02 21:42:19 ----D---- C:\Program Files\Windows Media Player
2010-09-02 21:42:19 ----D---- C:\Program Files\Windows Mail
2010-09-02 21:42:19 ----D---- C:\Program Files\Windows Collaboration
2010-09-02 21:42:19 ----D---- C:\Program Files\Windows Calendar
2010-09-02 21:42:19 ----D---- C:\Program Files\Movie Maker
2010-09-02 21:42:19 ----D---- C:\Program Files\Internet Explorer
2010-09-02 21:42:19 ----D---- C:\Program Files\Common Files\System
2010-09-02 21:42:18 ----D---- C:\Windows\servicing
2010-09-02 21:42:18 ----D---- C:\Program Files\Windows Defender
2010-09-02 21:42:17 ----D---- C:\Windows\system32\XPSViewer
2010-09-02 21:42:17 ----D---- C:\Windows\IME
2010-09-02 21:42:11 ----D---- C:\Windows\system32\SLUI
2010-09-02 21:42:11 ----D---- C:\Windows\system32\setup
2010-09-02 21:42:11 ----D---- C:\Windows\system32\oobe
2010-09-02 21:42:11 ----D---- C:\Windows\system32\migration
2010-09-02 21:42:11 ----D---- C:\Windows\system32\AdvancedInstallers
2010-09-02 21:42:10 ----D---- C:\Windows\system32\manifeststore
2010-09-02 21:42:10 ----D---- C:\Windows\system32\en
2010-09-02 21:42:09 ----D---- C:\Windows\system32\migwiz
2010-09-02 21:41:59 ----RSD---- C:\Windows\Fonts
2010-09-02 21:41:53 ----D---- C:\Windows\system32\Boot
2010-09-02 21:40:35 ----D---- C:\Windows\system32\RTCOM
2010-09-02 21:30:39 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2010-09-02 06:25:22 ----D---- C:\Windows\system32\LogFiles
2010-09-02 02:37:16 ----SD---- C:\ProgramData\Microsoft
2010-08-30 14:56:31 ----D---- C:\Windows\system32\spool
2010-08-30 14:56:31 ----D---- C:\Windows\system32\Msdtc
2010-08-30 14:56:31 ----D---- C:\Windows\registration
2010-08-30 14:47:48 ----SD---- C:\Users\Kerry Dunne\AppData\Roaming\Microsoft
2010-08-28 12:19:48 ----D---- C:\ProgramData\Microsoft Help
2010-08-27 09:34:23 ----D---- C:\Program Files\Common Files\microsoft shared
2010-08-27 09:33:30 ----D---- C:\Program Files\Microsoft Office
2010-08-27 09:30:51 ----D---- C:\Windows\SHELLNEW
2010-08-27 00:39:48 ----SD---- C:\Windows\Downloaded Program Files
2010-08-16 22:53:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-16 22:48:27 ----D---- C:\Program Files\Common Files\Adobe
2010-08-16 22:38:33 ----D---- C:\Users\Kerry Dunne\AppData\Roaming\Azureus
2010-08-13 13:45:10 ----D---- C:\Program Files\Microsoft Works

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 23376]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 457304]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-05-26 26352]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-18 166960]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-11-04 952320]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-10-28 2476544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-26 1044984]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-12-13 102784]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-02-23 62976]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-04-03 723488]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-30 135664]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 dldt_device;dldt_device; C:\Windows\system32\dldtcoms.exe [2008-02-25 595184]
S4 dldtCATSCustConnectService;dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-02-25 99568]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

#26 Příspěvek od **vyosek** » 05 zář 2010 15:51

Jsem v robote, nejake musky v logu vychytame vecer - cca kolem osme - omlouvam se za prutahy

morlock · #27 Příspěvek od **morlock** » 05 zář 2010 17:33

Zadnej stres, jinak pocitac se chova normalne, uz ani ta hlaska ze windows zablokovaly program pri startupu nevyskakuje, zrejeme po odinstalovani MBAMu.

#28 Příspěvek od **vyosek** » 05 zář 2010 19:09

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy - spolu se ZoneAlarmem se Vam tam nainstaloval i jeho toolbar

Otevrete si poznamkovy blok

Start->spustit->notepad
Vlozte text nize

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

Soubor ulozte jako oprava.reg
Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
Zavrit notepad a spustit dvojklikem oprava.reg
Pripadny dotaz na zmenu registru potvrdte
Okno jen problikne a opravi regsitry - soubor muzete smazat

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
services.msc
```
Kliknete na OK
Najdete sluzby nize
Google Update Service
U kazde provedte toto
- Klik na ni pravym mysidlem a zvolit Vlastnosti
- Nyní klik na Zastavit
- Typ spousteni nastavit na Zakazano
- Potvrdte kliknutim na OK

Z logu je patrno, ze nemate aktualni verzi Internet Exploreru - aktualizujte jej

Aktualizaci najdete zde (pod tlacitkem "Ke stazeni") http://www.microsoft.com/cze/windows/internet-explorer/
Doporucuji vsak pouzivat alternativni prohlizece - vice zde http://www.viry.cz/forum/viewtopic.php?f=19&t=6116

Jinak log vypada OK

morlock · #29 Příspěvek od **morlock** » 05 zář 2010 20:22

vsechno jsem udelal, teda krome stazeni toho noveho IE, ona tam ma Google Chrome tak ho zrejme pouziva - aspon je nastaven jako default. Mam sem dat jeste jednou vypis z RSITu?

#30 Příspěvek od **vyosek** » 05 zář 2010 20:47

Aktualizovany IE je vhodny i kdyz neni pouzivan - nikdy nevite kdy bude treba a zbytecne se pak vystavujete riziku...
Novy RSIT jiz neni treba...

Doporucuji provest defragmentaci disku

Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
- Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
- Vyskoci na Vas okenko, do ktereho zkopirujte text nize
- Kód: Vybrat vše
```
dfrg.msc
```
- Kliknete na OK
Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
- Kliknete na Analyzovat
- Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
- Postup provedte se vsemi disky
Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- Vyhodou programku je, ze se neinstaluje
- Staci tedy jen stahnout dle verze vaseho OS a rozbalit
- Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
- Probehne analyza disku a nasledne i defragmentace

Chova se PC jiz v poradku

VIRY.CZ

pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku

Re: pravdepodobne rootkit v notebooku