| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: nach Systemstart öffnet sich Firefox und zeigt WerbungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.11.2010, 22:00
| #1 |
| |  nach Systemstart öffnet sich Firefox und zeigt Werbung hallo, seit ein paar Tagen zeigt mein Firefox nach jedem Systemneustart WERBUNG. Ich nutze Windows 7 Ultimate 32 Bit Habe Avast durchlaufen lassen - nichts Habe SUPERAntiSpyware durchlaufen lassen - nichts habe Malwarebytes durchlaufen lassen - treffer Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5170
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
22.11.2010 21:30:31
mbam-log-2010-11-22 (21-30-31).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147445
Laufzeit: 4 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Mustermann\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
bitte um Hilfe! |
|
22.11.2010, 22:24
| #2 |
| /// Helfer-Team  | nach Systemstart öffnet sich Firefox und zeigt Werbung Hallo spakz,
__________________vorweg ein paar Hinweise (Bitte beachten!):
Ich geb mir Mühe, alles zu finden, was nicht auf dein System gehört, aber muss dich darauf hiweisen, dass Formatieren und Neuaufsetzen in den meisten Fällen die schnellste und sicherste Variante ist ein sauberes System zu bekommen. Wenn du trotzdem bereinigen möchtest, folgt hier die Anleitung: 1.) Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
2.) Gmer - Rootkitscan Was sind Rootkits? Wichtig: Bei jedem Rootkit-Scans soll/en:
Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Nun das Logfile in Code-Tags posten.
__________________ |
|
22.11.2010, 23:09
| #3 |
| | nach Systemstart öffnet sich Firefox und zeigt Werbung vielen Dank für die Zügige Antwort. Ich werde vor Mittwoch nicht dazu kommen deine Anleitung abzuarbeiten.
__________________gruss |
|
23.11.2010, 06:19
| #4 |
| /// Helfer-Team | nach Systemstart öffnet sich Firefox und zeigt Werbung Okay, danke für den hinweis und bis dann 
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte!  |
|
25.11.2010, 20:23
| #5 |
| | nach Systemstart öffnet sich Firefox und zeigt Werbung doppel post... ...keine ahnung wie ich löschen kann Geändert von spakz (25.11.2010 um 20:28 Uhr) |
|
25.11.2010, 20:24
| #6 |
| | nach Systemstart öffnet sich Firefox und zeigt Werbung OTL Code:
ATTFilter OTL logfile created on: 25.11.2010 19:28:52 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\xxx\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): c:\pagefile.sys 5000 5000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 216,78 Gb Free Space | 72,75% Space Free | Partition Type: NTFS Drive D: | 1863,01 Gb Total Space | 1627,74 Gb Free Space | 87,37% Space Free | Partition Type: NTFS Computer Name: xxx | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.25 19:27:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe PRC - [2010.10.29 15:18:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010.10.16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010.09.07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.06.23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2010.06.23 12:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010.05.02 16:29:34 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Program Files\nHancer\nHancerService.exe PRC - [2010.03.26 17:02:56 | 008,546,848 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.10.14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe PRC - [2009.10.14 14:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe PRC - [2009.04.23 14:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2008.02.28 10:58:42 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe PRC - [2008.02.28 10:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe PRC - [2008.02.19 08:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe PRC - [2007.03.13 14:33:56 | 000,196,608 | ---- | M] () -- C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe ========== Modules (SafeList) ========== MOD - [2010.11.25 19:27:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.10.14 14:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009.06.10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll MOD - [2009.06.10 22:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll MOD - [2007.03.13 14:01:44 | 000,032,768 | ---- | M] () -- C:\Windows\System32\Amhooker.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- E:\Games Sammlung\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc) SRV - [2010.11.18 17:01:00 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.09.29 09:57:46 | 000,616,448 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010.08.13 08:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.06.23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.05.02 16:29:34 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer) SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator) SRV - [2009.10.14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2008.02.19 08:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\xxxf\Desktop\vfd21-080206\vfd.sys -- (VirtualFD) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\xxx\AppData\Local\Temp\adxapie.sys -- (adxapie) DRV - [2010.10.22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.10.11 13:04:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.10.11 13:04:42 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.09.07 21:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.09.07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010.09.07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010.09.07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010.09.07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010.09.07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010.05.15 15:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.04.05 11:47:50 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.03.26 17:24:58 | 003,048,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010.03.10 15:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.10.20 10:27:02 | 000,144,896 | ---- | M] (GMX GmbH) [File_System | System | Running] -- C:\Windows\System32\drivers\uigxrdr.SYS -- (uigxrdr) DRV - [2009.10.14 14:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009.03.01 22:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009.02.13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.01.19 04:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir) DRV - [2007.01.24 18:56:56 | 000,008,704 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\System32\drivers\Amfilter.sys -- (Amfilter) DRV - [2007.01.19 11:35:06 | 000,013,824 | ---- | M] ((Standard mouse types)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2005.12.20 18:23:00 | 000,023,872 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys -- (FXDrv32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 D7 F4 51 C6 88 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009 FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.11.14 12:10:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.29 15:18:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.29 15:18:45 | 000,000,000 | ---D | M] [2010.04.02 15:52:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2010.11.22 19:09:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions [2010.06.07 18:47:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.05.28 16:49:16 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008} [2010.08.27 15:18:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.10.17 11:06:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions\nasanightlaunch@example.com [2010.05.28 16:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions [2010.04.05 11:48:05 | 000,002,059 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\kxtlstpc.default\searchplugins\daemon-search.xml [2010.11.21 12:34:14 | 000,001,056 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\kxtlstpc.default\searchplugins\icqplugin.xml [2010.04.05 12:12:06 | 000,004,140 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\kxtlstpc.default\searchplugins\youtube.xml [2010.11.22 19:09:22 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2010.11.01 13:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.14 17:10:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.22 16:52:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.06.30 19:41:29 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.09.27 12:26:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.09.27 12:26:14 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.09.27 12:26:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.27 12:26:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.09.27 12:26:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.04.23 17:25:00 | 000,000,934 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [msconfig.exe] C:\Users\xxx\AppData\Roaming\Microsoft\System\Services\msconfig.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe () O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{32356822-3e76-11df-81c3-001c253bb8b4}\Shell - "" = AutoRun O33 - MountPoints2\{32356822-3e76-11df-81c3-001c253bb8b4}\Shell\AutoRun\command - "" = H:\INSTALLER.EXE -- File not found O33 - MountPoints2\{3faef1b9-ac6b-11df-819c-001c253bb8b4}\Shell - "" = AutoRun O33 - MountPoints2\{3faef1b9-ac6b-11df-819c-001c253bb8b4}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found O33 - MountPoints2\{3faef1dc-ac6b-11df-819c-001c253bb8b4}\Shell - "" = AutoRun O33 - MountPoints2\{3faef1dc-ac6b-11df-819c-001c253bb8b4}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found O33 - MountPoints2\{7c072442-76f5-11df-82ab-001c253bb8b4}\Shell - "" = AutoRun O33 - MountPoints2\{7c072442-76f5-11df-82ab-001c253bb8b4}\Shell\AutoRun\command - "" = F:\LxSetup.exe -- File not found O33 - MountPoints2\{8594e23f-f323-11df-b2f3-001c253bb8b4}\Shell - "" = AutoRun O33 - MountPoints2\{8594e23f-f323-11df-b2f3-001c253bb8b4}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found O33 - MountPoints2\{a2b7ef7d-91ba-11df-b7cd-001c253bb8b4}\Shell - "" = AutoRun O33 - MountPoints2\{a2b7ef7d-91ba-11df-b7cd-001c253bb8b4}\Shell\AutoRun\command - "" = F:\Welcome.exe -- File not found O33 - MountPoints2\{d13da850-40a0-11df-92cc-001c253bb8b4}\Shell - "" = AutoRun O33 - MountPoints2\{d13da850-40a0-11df-92cc-001c253bb8b4}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found O33 - MountPoints2\{fa653584-e98f-11df-8c18-001c253bb8b4}\Shell\AutoRun\command - "" = E:\fscommand\LS_Start_Launch.cmd -- File not found O33 - MountPoints2\{fa653584-e98f-11df-8c18-001c253bb8b4}\Shell\Launcher\command - "" = E:\fscommand\LS_Start_Launch.cmd -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.25 19:27:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2010.11.22 20:16:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TweakNow RegCleaner [2010.11.22 20:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner [2010.11.22 20:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner [2010.11.21 13:32:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.11.18 18:46:49 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2010.11.18 18:46:49 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2010.11.18 18:46:49 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2010.11.18 18:46:49 | 010,023,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2010.11.18 18:46:49 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2010.11.18 18:46:49 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2010.11.18 18:46:49 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2010.11.18 18:46:49 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll [2010.11.18 18:46:49 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll [2010.11.18 18:46:49 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll [2010.11.18 18:46:49 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll [2010.11.18 18:46:49 | 000,123,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys [2010.11.18 18:46:49 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2010.11.18 18:46:49 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll [2010.11.18 18:46:49 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2010.11.16 12:25:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\vlc [2010.11.14 17:43:54 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2010.11.14 17:43:54 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2010.11.14 17:43:53 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2010.11.14 17:43:53 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2010.11.14 17:43:53 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2010.11.14 17:43:53 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2010.11.14 17:43:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2010.11.14 17:43:53 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2010.11.14 17:43:53 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2010.11.14 17:43:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2010.11.14 17:43:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2010.11.14 17:43:52 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2010.11.14 17:43:52 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2010.11.14 17:43:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2010.11.14 17:43:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2010.11.14 17:43:50 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2010.11.14 17:43:50 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2010.11.14 17:43:49 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010.11.14 17:43:49 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2010.11.14 17:43:48 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2010.11.14 17:43:46 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2010.11.14 17:43:46 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2010.11.14 17:43:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2010.11.14 17:43:46 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2010.11.14 17:43:46 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2010.11.14 17:43:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2010.11.14 17:43:46 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2010.11.08 14:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010.11.08 14:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2010.11.08 14:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations [2010.11.07 13:25:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\FalloutNV [2010.11.06 17:04:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\HitachiGST [2010.11.06 16:38:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Cooliris [2010.11.06 16:37:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\LifeStudio [2010.11.06 16:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitachi GST [2010.11.06 15:40:17 | 000,000,000 | ---D | C] -- C:\temp [2010.11.06 14:03:05 | 000,000,000 | ---D | C] -- C:\directory [2010.11.06 12:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive [2010.11.06 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive [2010.11.06 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Sports Interactive [2010.11.06 12:57:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Sports Interactive [2010.11.06 12:57:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Sports Interactive [2010.11.06 12:56:13 | 000,000,000 | ---D | C] -- C:\Windows\IswTmp [2010.11.06 12:56:02 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2010.11.06 12:56:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2010.11.06 12:56:01 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2010.11.06 12:56:00 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2010.11.06 12:56:00 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2010.11.06 12:56:00 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2010.11.06 12:56:00 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2010.11.06 12:56:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2010.11.06 12:55:59 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2010.11.06 12:55:58 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2010.11.06 12:55:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2010.11.06 12:55:57 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2010.11.06 12:55:57 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2010.11.06 12:55:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2010.11.06 12:55:57 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2010.11.06 12:55:56 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2010.11.06 12:55:56 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2010.11.06 12:55:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2010.11.06 12:55:55 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2010.11.06 12:55:54 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2010.11.06 12:55:54 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2010.11.06 12:55:54 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2010.11.06 12:55:54 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2010.11.06 12:55:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2010.11.06 12:55:54 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2010.11.06 12:55:53 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2010.11.06 12:55:53 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2010.11.06 12:55:53 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2010.11.06 12:55:52 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2010.11.06 12:55:52 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2010.11.06 12:55:51 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2010.11.06 12:55:51 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2010.11.06 12:55:51 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2010.11.06 12:55:51 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll [2010.11.06 12:55:50 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2010.11.06 12:55:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll [2010.11.06 12:55:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll [2010.11.06 12:55:48 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2010.11.06 12:55:48 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll [2010.11.06 12:55:48 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2010.11.06 12:55:48 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll [2010.11.06 12:55:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2010.11.06 12:55:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll [2010.11.06 12:55:47 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll [2010.11.06 12:55:47 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll [2010.11.06 12:55:47 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll [2010.11.06 12:55:46 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2010.11.06 12:55:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll [2010.11.06 12:55:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2010.11.06 12:55:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2010.11.06 12:55:45 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll [2010.11.06 12:55:45 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll [2010.11.06 12:55:44 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2010.11.06 12:55:44 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2010.11.06 12:55:44 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2010.11.06 12:55:36 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2010.11.06 12:55:36 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2010.11.06 12:55:36 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll [2010.11.06 12:55:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2010.11.06 12:55:35 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2010.11.06 12:55:35 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2010.11.06 12:55:34 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2010.11.06 12:55:33 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2010.11.06 12:55:32 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2010.11.06 12:53:44 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry [2010.11.06 12:52:05 | 000,000,000 | -H-D | C] -- C:\Users\xxx\InstallAnywhere [2010.11.03 18:55:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\AliensVsPredator [2010.10.30 17:16:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\ICQ [2010.10.30 16:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2010.10.30 16:22:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\AOL [2010.10.30 15:28:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\skypePM [2010.10.30 15:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2010.10.30 15:25:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2010.10.30 15:25:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Skype [2010.10.30 15:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.10.29 15:19:25 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.10.29 15:19:25 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.10.29 15:19:25 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.10.29 15:19:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.10.29 15:19:24 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2010.06.29 20:43:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll [2010.06.29 20:43:29 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll [2010.06.29 20:43:29 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll [2010.06.29 20:43:29 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll [2010.06.29 20:43:29 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll [2010.06.29 20:43:29 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll [2010.06.29 20:43:29 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll [2010.06.29 20:43:29 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll [2010.06.29 20:43:29 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll [2010.06.29 20:43:29 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll [2010.06.29 20:43:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll [2010.06.29 20:43:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll [2009.07.13 21:46:42 | 001,169,224 | -H-- | C] (Microsoft Corporation) -- C:\Users\xxx\AppData\Roaming\bot.exe [2009.07.13 21:46:42 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\xxx\AppData\Roaming\Torrant.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.25 19:27:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2010.11.25 19:26:47 | 000,049,288 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\data.dat [2010.11.25 19:25:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.25 19:25:06 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys [2010.11.24 18:30:20 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.24 18:30:20 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.24 18:29:29 | 000,697,472 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.24 18:29:29 | 000,654,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.24 18:29:29 | 000,148,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.24 18:29:29 | 000,121,226 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.22 20:16:20 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk [2010.11.22 20:07:21 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk [2010.11.21 03:50:56 | 000,848,182 | -H-- | M] () -- C:\Users\xxx\AppData\Roaming\xxxlog.dat [2010.11.21 00:33:46 | 001,523,704 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Messeger.exe [2010.11.20 12:58:29 | 000,001,130 | ---- | M] () -- C:\Users\xxx\Desktop\black ops config.lnk [2010.11.20 12:56:43 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark X1100 Series All-In-One Center.lnk [2010.11.20 12:56:41 | 000,000,266 | ---- | M] () -- C:\Windows\Lexstat.ini [2010.11.16 19:24:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010.11.08 14:34:11 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk [2010.11.07 17:29:12 | 000,001,105 | ---- | M] () -- C:\Users\xxx\Desktop\Fallout.lnk [2010.11.06 14:03:44 | 000,063,105 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\xxx3SQLite3.dll [2010.11.01 16:32:55 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT [2010.10.30 15:28:54 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.22 21:33:50 | 000,049,288 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\data.dat [2010.11.22 20:16:20 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk [2010.11.22 20:07:21 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk [2010.11.21 00:34:06 | 001,523,704 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Messeger.exe [2010.11.20 12:58:31 | 000,001,130 | ---- | C] () -- C:\Users\xxx\Desktop\black ops config.lnk [2010.11.16 19:24:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010.11.08 14:34:11 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk [2010.11.07 17:29:14 | 000,001,105 | ---- | C] () -- C:\Users\xxx\Desktop\Fallout.lnk [2010.11.06 14:03:44 | 000,063,105 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\xxx3SQLite3.dll [2010.10.30 15:28:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.08.24 19:57:04 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.08.24 19:57:03 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.08.20 17:25:21 | 000,000,145 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.07.24 16:08:50 | 000,374,272 | ---- | C] () -- C:\Windows\System32\mss32.dll [2010.07.18 15:36:48 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI [2010.07.18 15:22:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Core Data Application [2010.07.18 15:22:59 | 000,000,268 | RH-- | C] () -- C:\Users\xxx\AppData\Roaming\Configure Folder Actions [2010.07.18 15:22:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.07.18 15:22:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices [2010.07.18 15:18:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Contents [2010.07.18 15:18:29 | 000,000,268 | RH-- | C] () -- C:\Users\xxx\AppData\Roaming\Compressor [2010.07.18 15:18:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.07.18 15:18:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Database [2010.06.29 20:44:01 | 000,000,266 | ---- | C] () -- C:\Windows\Lexstat.ini [2010.06.29 20:43:29 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll [2010.06.29 20:43:29 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll [2010.06.24 15:55:23 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.06.24 15:54:34 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2010.05.01 11:34:15 | 000,022,016 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.10 11:41:03 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd [2010.04.10 10:51:19 | 000,000,017 | ---- | C] () -- C:\Users\xxx\AppData\Local\resmon.resmoncfg [2010.04.05 11:47:50 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.04.02 18:52:47 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.04.02 16:19:26 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Amhooker.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.04.08 14:25:44 | 000,364,544 | ---- | C] () -- C:\Windows\System32\BH_DATA120VC8.dll [2009.04.08 06:17:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll [2009.02.02 19:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2009.02.02 19:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2009.02.02 19:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2009.02.02 19:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2007.02.07 16:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini [2007.01.22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll [2006.05.12 04:34:42 | 000,848,182 | -H-- | C] () -- C:\Users\xxx\AppData\Roaming\xxxlog.dat [2006.04.21 09:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2005.10.05 11:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll [2005.09.13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll [2005.09.13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2010.06.24 15:57:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Atari [2010.04.02 16:05:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CheckPoint [2010.05.27 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Command and Conquer 4 [2010.04.02 17:42:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite [2010.07.12 17:56:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2010.07.12 20:39:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox [2010.06.30 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Foxit Software [2010.04.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GMX [2010.05.23 22:19:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GrabPro [2010.11.06 17:04:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HitachiGST [2010.11.21 13:07:29 | 000,000,000 | RHSD | M] -- C:\Users\xxx\AppData\Roaming\install [2010.04.15 18:13:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\JAlbum [2010.08.20 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Jumping Bytes [2010.06.13 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware [2010.10.22 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\nHancer [2010.07.28 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nikon [2010.11.08 14:26:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nokia [2010.05.23 22:35:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Orbit [2010.05.01 11:36:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC Suite [2010.11.06 12:57:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Sports Interactive [2010.11.22 20:16:19 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TweakNow RegCleaner [2010.04.05 12:19:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft [2010.07.24 16:04:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Uniblue [2010.11.06 16:44:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Western Digital [2010.08.20 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Western DigitalTemp [2010.07.23 15:38:15 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras Code:
ATTFilter OTL Extras logfile created on: 25.11.2010 19:28:52 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\xxx\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 216,78 Gb Free Space | 72,75% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1627,74 Gb Free Space | 87,37% Space Free | Partition Type: NTFS
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\xxx\AppData\Roaming\Torrant.exe" = C:\Users\xxx\AppData\Roaming\Torrant.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\xxx\AppData\Roaming\bot.exe" = C:\Users\xxx\AppData\Roaming\bot.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{19B822A6-372A-43E2-9230-0AFA4EC84F8C}" = Lexware buchhalter 2009
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225C12AE-BB37-4EE3-8935-583E2F0E6644}" = Lexware reisekosten 2009
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2FA2CDE4-ABE2-461D-A2FF-33EA4A3BBB49}" = TAXMAN 2010 spezial
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44046312-696F-4E29-82C8-3F29F81DD11F}" = Lexware Elster
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57456DD2-4CDD-4245-A5E6-D865CD8E0238}" = Lexware reisekosten 2009
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{650E2ABD-270A-499C-BA9F-09180DDDDA16}" = Nokia Software Updater
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D66915F-05FF-4F59-B2D3-AA2E58506F72}" = nHancer
"{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}" = FOX LiveUpdate
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3DBED25-09EE-45FE-BE53-4B07B0CBA0FC}" = PC Connectivity Solution
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F6DBB315-6C0F-4BCD-8C09-24016401E438}" = PureSync
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.12 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"BootDisk2BootStick" = BootDisk2BootStick 0.10
"ElsterFormular 11.5.0.4546" = ElsterFormular
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Foxit Reader" = Foxit Reader
"GMX Upload-Manager" = GMX Upload-Manager
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MKVtoolnix" = MKVtoolnix 2.4.1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"nHancer" = nHancer
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PureSync" = PureSync 2.6.11
"QuickPar" = QuickPar 0.9
"Steam App 18800" = Zero Gear Demo
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"VLC media player" = VLC media player 1.1.4
"WheelMouse" = Trust GM-4600 Gamer Mouse
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.7
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.7
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
defogger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:53 on 25/11/2010 (xxx)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
|
|
25.11.2010, 20:29
| #7 |
| | nach Systemstart öffnet sich Firefox und zeigt Werbung gmer Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-25 20:10:44
Windows 6.1.7600 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322HJ rev.1AC01110
Running: yq5nekqp.exe; Driver: C:\Users\HANSDA~1\AppData\Local\Temp\pwlyafog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8DF1BBBA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x8DF1C48A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8DF1B610]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8DF14E42]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8DF36760]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8DF1C11A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8DF1C278]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8DF15B7E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8DF38212]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8DF37B06]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8DF38BE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8DF38E1E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8DF392D0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8DF15730]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8DF39CB8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8DF3959A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8DF1B1A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8DF3A71E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8DF15F8A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8DF3A242]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8DF37226]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E707B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83298599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832BCF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 248 832C4758 8 Bytes [BA, BB, F1, 8D, 8A, C4, F1, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 832C47EC 4 Bytes [10, B6, F1, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 832C4808 4 Bytes [42, 4E, F1, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 308 832C4818 4 Bytes [60, 67, F3, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 324 832C4834 4 Bytes [1A, C1, F1, 8D]
.text ...
PAGE ntkrnlpa.exe!ZwLoadDriver 833F6291 7 Bytes JMP 8E707B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8345DFBF 5 Bytes JMP 8E7035D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83477CF3 5 Bytes JMP 8E705012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA2E98300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA2EDB300, 0x1BEE, 0xE8000020]
.text advapi32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE
.text advapi32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5
.text user32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207
.text user32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2
.text kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[496] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[496] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[496] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[496] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[496] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[596] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[596] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[596] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[596] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[596] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[596] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[596] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[596] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[596] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[604] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[604] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[604] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[604] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[604] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[604] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[612] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[612] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[612] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[612] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[612] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[612] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[612] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[612] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[612] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[712] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[712] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[712] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[712] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[712] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[712] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[712] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[712] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[712] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[792] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[792] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[792] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[792] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] user32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[832] user32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[928] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[928] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[960] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[960] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[960] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[984] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[984] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[984] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[984] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1032] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1032] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1032] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1032] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1032] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1032] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1032] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1032] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Windows Sidebar\sidebar.exe[1032] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\xxx\Desktop\yq5nekqp.exe[1064] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\xxx\Desktop\yq5nekqp.exe[1064] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\xxx\Desktop\yq5nekqp.exe[1064] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1252] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1252] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[1584] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[1584] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[1584] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[1584] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[1584] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[1584] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[1584] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[1584] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wuauclt.exe[1584] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1864] kernel32.dll!SetUnhandledExceptionFilter 761B3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1912] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1912] USER32.dll!GetWindowMinimizeRect + 377 776EBFE9 5 Bytes JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[2088] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[2088] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[2088] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[2088] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[2088] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[2088] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[2088] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[2088] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\ctfmon.exe[2088] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[2672] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[2672] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[2672] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[2672] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[2672] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[2672] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[2672] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[2672] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[2672] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2704] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2704] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2704] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2704] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2704] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2704] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2704] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2704] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2704] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2840] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2840] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2840] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2840] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2840] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2840] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2840] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2840] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\taskhost.exe[2840] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lxbkcoms.exe[2940] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lxbkcoms.exe[2940] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lxbkcoms.exe[2940] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lxbkcoms.exe[2940] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lxbkcoms.exe[2940] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lxbkcoms.exe[2940] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lxbkcoms.exe[2940] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lxbkcoms.exe[2940] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\lxbkcoms.exe[2940] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3152] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3152] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3152] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3152] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3152] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3152] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3152] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3152] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3152] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3588] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3588] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3644] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3644] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3644] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3644] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3644] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3644] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3644] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3644] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3644] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3852] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3852] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3852] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3852] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3852] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3852] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3852] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3852] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[3852] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3892] ntdll.dll!NtAccessCheckByType 77B84640 5 Bytes JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3892] ntdll.dll!NtAlpcImpersonateClientOfPort 77B84820 5 Bytes JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3892] ntdll.dll!NtImpersonateClientOfPort 77B84F30 5 Bytes JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3892] ntdll.dll!NtSetInformationProcess 77B85AE0 5 Bytes JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3892] kernel32.dll!OpenProcess 761A73E4 5 Bytes JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3892] USER32.dll!FindWindowA 776EA818 5 Bytes JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3892] USER32.dll!FindWindowW 776ECF04 5 Bytes JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3892] ADVAPI32.dll!SetThreadToken 77AACA9F 5 Bytes JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[3892] ADVAPI32.dll!ImpersonateNamedPipeClient 77AE2331 5 Bytes JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [8DF21100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [8DF2090E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [8DF1F06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [8DF20AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [8DF20AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [8DF21100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [8DF2090E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [8DF1F06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [8DF20AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [8DF1F06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [8DF21100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [8DF2090E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [8DF2090E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [8DF20AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [8DF21100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [8DF1F06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\wininit.exe[496] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\services.exe[596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\lsass.exe[604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\lsm.exe[612] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\nvvsvc.exe[792] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[832] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[960] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[984] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[1032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Users\xxx\Desktop\yq5nekqp.exe[1064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1148] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1252] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\wuauclt.exe[1584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\ctfmon.exe[2088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\spoolsv.exe[2672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\taskhost.exe[2840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\lxbkcoms.exe[2940] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[3152] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[3588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\system32\wbem\wmiprvse.exe[3852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[3892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
|
25.11.2010, 23:32
| #8 |
| /// Helfer-Team | nach Systemstart öffnet sich Firefox und zeigt Werbung Da ist ganz schön was los bei dir. Lies dir bitte zuerst die Backdoorwarnung in dem Link durch (hier von Swisstreasure gepostet): Backdoorwarnung Wenn du dennoch versuchen möchtest zu bereinigen, arbeite folgende Anleitung der Reihe nach ab: 1.) Software deinstallieren Deinstalliere bitte die Ask-Toolbar (bzw. FoxitToolbar), außerdem alle anderen Toolbars, sofern du sie nicht benötigst. Bei der Ask-Toolbar handelt es sich um Adware 2.) Fixen mit OTL
3.) Einstellungen prüfen unter Windows 7 Stelle sicher, dass bei dir alle Ordner, Dateien und Laufwerke angezeigt werden:
4) Dateien bei Virustotal überprüfen lassen Besuche Virustotal Über den Button "Durchsuchen" wählst du nun nacheinander die Dateien Code:
ATTFilter C:\Windows\bootstat.dat
C:\hiberfil.sys
C:\Users\xxx\AppData\Roaming\Microsoft\System\Services\msconfig.exe
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
26.11.2010, 13:15
| #9 |
| | nach Systemstart öffnet sich Firefox und zeigt Werbung hallo, vielen Dank für die Antwort. ich werde die Anleitung heute abend bzw. am Samstag abarbeiten. du sagst, dass bei mir "einiges los" ist. was genau heisst das. ist mein rechner hoffnungslos verseucht? sind dir mehrere programme aufgefallen, die schädlich sind oder sein können? ich möchte natürlich auch dazu lernen und sowas in Zukunft vermeiden. Wäre klasse, wenn du mir noch etwas mehr details zu meinen logs geben könntest! vielen dank |
|
26.11.2010, 16:58
| #10 | |
| /// Helfer-Team | nach Systemstart öffnet sich Firefox und zeigt Werbung Hast du dir nicht den Link angesehen? Also der zur Backdoorwarnung? Du hast einen Trojaner mit Backdoorfunktionalität auf deinem Rechner. Lies das. Was genau dein Trojaner schon angestellt hat oder noch tun wird kann ich dir aber leider nicht sagen. Zitat:
Nein, wenn du eher Spiele spielst, Filme damit ansiehst und generell das Risiko eingehen möchtest, dass ich eventuell was übersehen könnte oder sich da etwas zu gut versteckt. Eine Bereinigung können wir natürlich gern vornehmen Passwörter ändern von einem sauberen System ist aber ein Muss!
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
26.11.2010, 19:04
| #11 |
| | nach Systemstart öffnet sich Firefox und zeigt Werbung den link hatte ich mir durchgelesen... ich werde mein system neu aufsetzen. muss ich hierzu auf irgendwas achten? ansonsten vielen dank für die mühe schönes WE bussi spakz |
|
26.11.2010, 20:29
| #12 |
| /// Helfer-Team | nach Systemstart öffnet sich Firefox und zeigt Werbung Ach Mensch, nie entscheidet sich einer fürs Bereinigen  Nee jetzt mal ernst, es ist sicher keine verkehrte Entscheidung Hier mal eine boardinterne Anleitung zum Neuaufsetzen: Neuaufsetzen des Systems + Absicherung Gleichfalls schönes WE und Tschüßi (aber ohne Bussi  )!
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
| Themen zu nach Systemstart öffnet sich Firefox und zeigt Werbung |
| anti-malware, appdata, automatisch, avast, blocken, code, dateien, explorer, firefox, hilfe!, malwarebytes, minute, richtig, roaming, software, stolen.data, superantispyware, system, systemstart, version, werbung, windows, windows 7, windows 7 ultimate, zonealarm, öffnet |
Linear-Darstellung
