Antivir meldet Malware

#0
17.05.2011, 15:11
Member

Beiträge: 19
#1 Mein Antivir meldet mir seit ein paar tagen nach jedem Systemstart ein Malware. Bitte um Hilfe

In der Datei 'C:\Users\Alex\AppData\Local\Temp\1boqiqqi.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.5120.150' [trojan] gefunden.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-17 14:56:14
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.FB4O
Running: mqjrg602.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8FAC6BBA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x8FAC748A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8FAC6610]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8FABFE42]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8FAE1760]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8FAC711A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8FADB5AE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8FADB9D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8FAE5EE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8FADBE4A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8FAC7278]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8FAC0B7E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8FAE3212]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8FAE2B06]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8FADA38E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8FAE3BE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8FAE3E1E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8FAE42D0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8FAC0730]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8FADDAD4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x8FADD6C2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8FAE4CB8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8FAE459A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8FAC61A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8FAE571E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8FAC68DC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8FAC0F8A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8FAE5242]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8FAE2226]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8FADC6D4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8FADC404]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E80569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA5092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82EAC858 8 Bytes [BA, 6B, AC, 8F, 8A, 74, AC, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82EAC8EC 4 Bytes [10, 66, AC, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82EAC908 4 Bytes [42, FE, AB, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 308 82EAC918 4 Bytes [60, 17, AE, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 324 82EAC934 4 Bytes [1A, 71, AC, 8F]
.text ...
? System32\Drivers\spwe.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 96746D18 5 Bytes JMP 8723E4E0
.text a7mfj9mb.SYS 98F76000 12 Bytes [44, B8, E0, 82, EE, B6, E0, ...]
.text a7mfj9mb.SYS 98F7600D 9 Bytes [97, E0, 82, 48, BB, E0, 82, ...] {XCHG EDI, EAX; LOOPNZ 0xffffffffffffff85; DEC EAX; MOV EBX, 0x82e0}
.text a7mfj9mb.SYS 98F76017 20 Bytes [00, DE, 27, 3A, 8B, E6, 25, ...]
.text a7mfj9mb.SYS 98F7602C 20 Bytes [00, 00, 00, 00, A0, B1, E7, ...]
.text a7mfj9mb.SYS 98F76041 128 Bytes JMP EA556082
.text ...
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A4318000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A4318123 629 Bytes [35, 31, A4, FE, 05, 34, 35, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A4318399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A43183FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A43184AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
.text kernel32.dll!OpenProcess 771273E4 5 Bytes [E9, 83, 10, B5, A9] {JMP 0xffffffffa9b51088}
.text advapi32.dll!SetThreadToken 75CBCA9F 5 Bytes [E9, 92, C5, FB, AA] {JMP 0xffffffffaafbc597}
.text advapi32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes [E9, 27, 6B, F8, AA] {JMP 0xffffffffaaf86b2c}
.text user32.dll!FindWindowA 75A6A818 5 Bytes [E9, 72, DA, 20, AB] {JMP 0xffffffffab20da77}
.text user32.dll!FindWindowW 75A6CF04 5 Bytes [E9, 51, B3, 20, AB] {JMP 0xffffffffab20b356}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[108] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[108] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[108] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[108] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[344] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[344] USER32.dll!GetWindowMinimizeRect + 377 75A6BFE9 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[552] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[552] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[552] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[552] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[552] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[552] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[552] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[552] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wininit.exe[552] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[600] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[600] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[600] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[600] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[600] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[600] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[600] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[600] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\services.exe[600] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[616] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[616] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[616] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsass.exe[616] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[624] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[624] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[624] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[624] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[624] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\lsm.exe[624] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[700] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[700] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[700] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[700] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[700] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[700] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[700] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[700] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\spoolsv.exe[700] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[736] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[736] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[736] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[844] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[844] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[844] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[844] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[844] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[844] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[844] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[844] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\conhost.exe[844] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[1016] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[1016] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[1016] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[1016] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[1016] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[1016] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[1016] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[1016] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\nvvsvc.exe[1016] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1048] user32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1048] user32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1180] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1180] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1180] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1180] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1180] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1180] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1180] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1180] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1180] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1184] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1184] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1184] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1184] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1184] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1184] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1184] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1212] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1212] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1620] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1620] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1620] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1620] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1620] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1620] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1620] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1620] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[1620] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1648] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1648] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1648] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1648] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1648] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1648] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1648] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1648] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1648] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[1656] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[1656] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[1656] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[1656] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[1656] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[1656] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[1656] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[1656] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\SearchIndexer.exe[1656] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1660] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1660] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1660] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[1808] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[1808] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[1808] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[1808] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[1808] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[1808] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[1808] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[1808] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\DllHost.exe[1808] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2068] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2068] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2068] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2068] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2068] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2068] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2068] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2068] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2068] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\BASVC.exe[2112] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\BASVC.exe[2112] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\BASVC.exe[2112] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\BASVC.exe[2112] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\BASVC.exe[2112] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\BASVC.exe[2112] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\BASVC.exe[2112] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\BASVC.exe[2112] advapi32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\BASVC.exe[2112] advapi32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\PdtWzd.exe[2184] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\PdtWzd.exe[2184] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\PdtWzd.exe[2184] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\PdtWzd.exe[2184] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\PdtWzd.exe[2184] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\PdtWzd.exe[2184] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\PdtWzd.exe[2184] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\PdtWzd.exe[2184] advapi32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Acer Bio Protection\PdtWzd.exe[2184] advapi32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2208] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2208] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2208] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2208] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2208] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2208] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2208] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2208] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2208] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2252] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2252] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2252] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2252] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2252] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2252] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2252] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2252] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[2252] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\sppsvc.exe[2276] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\sppsvc.exe[2276] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\sppsvc.exe[2276] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\sppsvc.exe[2276] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\sppsvc.exe[2276] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\sppsvc.exe[2276] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\sppsvc.exe[2276] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\sppsvc.exe[2276] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\sppsvc.exe[2276] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2312] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2312] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2312] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2312] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2312] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2312] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2312] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2312] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2312] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2452] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2452] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2452] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2452] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2452] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2452] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2452] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2452] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2452] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\PLFSetI.exe[2496] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\PLFSetI.exe[2496] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\PLFSetI.exe[2496] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\PLFSetI.exe[2496] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\PLFSetI.exe[2496] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\PLFSetI.exe[2496] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\PLFSetI.exe[2496] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\PLFSetI.exe[2496] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\PLFSetI.exe[2496] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2540] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2540] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2540] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2540] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2540] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2540] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2540] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2540] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2540] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2712] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2712] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2712] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2712] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2712] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2712] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2712] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2712] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[2712] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2892] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2892] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2892] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2892] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2892] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2892] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2892] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2892] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2892] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3000] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3000] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3000] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3000] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3000] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3000] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3000] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3000] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\svchost.exe[3000] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Winamp\winampa.exe[3068] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Winamp\winampa.exe[3068] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Winamp\winampa.exe[3068] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Winamp\winampa.exe[3068] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Winamp\winampa.exe[3068] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Winamp\winampa.exe[3068] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Winamp\winampa.exe[3068] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Winamp\winampa.exe[3068] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Winamp\winampa.exe[3068] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3268] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3268] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3268] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3268] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3268] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3268] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3268] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3268] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3268] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3460] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3460] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3460] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3460] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3460] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3460] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3460] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3460] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3460] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3476] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3476] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3476] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3476] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3476] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3476] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3476] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3476] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\taskeng.exe[3476] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3576] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3576] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3576] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3576] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3576] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3576] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3576] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3576] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\iPod\bin\iPodService.exe[3576] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3652] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3652] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3652] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3652] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3652] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3652] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3652] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3652] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3652] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Downloads\mqjrg602.exe[3676] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Downloads\mqjrg602.exe[3676] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Downloads\mqjrg602.exe[3676] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Downloads\mqjrg602.exe[3676] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Downloads\mqjrg602.exe[3676] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Downloads\mqjrg602.exe[3676] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Downloads\mqjrg602.exe[3676] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Downloads\mqjrg602.exe[3676] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text E:\Downloads\mqjrg602.exe[3676] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\iTunes\iTunesHelper.exe[3696] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\iTunes\iTunesHelper.exe[3696] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\iTunes\iTunesHelper.exe[3696] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\iTunes\iTunesHelper.exe[3696] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\iTunes\iTunesHelper.exe[3696] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\iTunes\iTunesHelper.exe[3696] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\iTunes\iTunesHelper.exe[3696] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\iTunes\iTunesHelper.exe[3696] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\iTunes\iTunesHelper.exe[3696] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3920] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3920] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3920] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3920] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3920] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3920] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3920] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3920] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3920] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[4088] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[4088] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[4088] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[4088] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[4088] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[4088] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[4088] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[4088] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[4088] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4208] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4208] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4208] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4208] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4208] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4208] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4208] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4208] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4208] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4328] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4328] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4328] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4328] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4328] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4328] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4328] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4328] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4328] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4564] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4564] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4564] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4564] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4564] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4564] kernel32.dll!SetUnhandledExceptionFilter 77133162 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4564] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4564] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4564] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[4564] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4816] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4816] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4816] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4816] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4816] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4816] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4816] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4816] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4816] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4976] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4976] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4976] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4976] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4976] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4976] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4976] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4976] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[4976] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] ntdll.dll!LdrLoadDll 7766F5B5 5 Bytes JMP 00161410 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] kernel32.dll!SetUnhandledExceptionFilter 77133162 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] WS2_32.dll!sendto 76A83AED 5 Bytes JMP 20AE3D71 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] WS2_32.dll!closesocket 76A83BED 5 Bytes JMP 20AE3BA8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] WS2_32.dll!recv 76A847DF 5 Bytes JMP 20AE3C29 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] WS2_32.dll!WSASend 76A868A7 5 Bytes JMP 20AE3F07 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] WS2_32.dll!WSARecv 76A8C29F 5 Bytes JMP 20AE3E15 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] WS2_32.dll!send 76A8C4C8 5 Bytes JMP 20AE3CD3 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] WS2_32.dll!WSASendDisconnect 76A9AD39 5 Bytes JMP 20AE409B C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] WS2_32.dll!WSASendTo 76A9ADC4 5 Bytes JMP 20AE3FCE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] USER32.dll!GetWindowMinimizeRect + 377 75A6BFE9 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\Mozilla Firefox\firefox.exe[5168] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5492] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5492] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5492] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5492] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5492] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5492] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5492] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5492] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\system32\wbem\wmiprvse.exe[5492] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[5532] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[5532] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[5532] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[5532] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[5532] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[5532] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[5532] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[5532] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Windows\System32\svchost.exe[5532] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5832] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5832] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5832] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5832] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5832] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5832] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5832] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5832] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5832] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5908] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5908] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5908] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5908] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5908] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5908] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5908] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5908] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5908] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5976] ntdll.dll!NtAccessCheckByType 77654480 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5976] ntdll.dll!NtAlpcImpersonateClientOfPort 77654660 5 Bytes JMP 20C78DD9 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5976] ntdll.dll!NtImpersonateClientOfPort 77654D70 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5976] ntdll.dll!NtSetInformationProcess 77655920 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5976] kernel32.dll!OpenProcess 771273E4 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5976] USER32.dll!FindWindowA 75A6A818 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5976] USER32.dll!FindWindowW 75A6CF04 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5976] ADVAPI32.dll!SetThreadToken 75CBCA9F 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5976] ADVAPI32.dll!ImpersonateNamedPipeClient 75CF2331 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B2A6042] \SystemRoot\System32\Drivers\spwe.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B2A66D6] \SystemRoot\System32\Drivers\spwe.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B2A6800] \SystemRoot\System32\Drivers\spwe.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B2A613E] \SystemRoot\System32\Drivers\spwe.sys
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a7mfj9mb.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [8FACC100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [8FACB90E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [8FACA06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [8FACBAB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [8FACBAB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [8FACC100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [8FACB90E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [8FACA06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [8FACBAB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [8FACA06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [8FACC100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [8FACB90E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\svchost.exe[108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\wininit.exe[552] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\services.exe[600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\lsass.exe[616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\lsm.exe[624] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\spoolsv.exe[700] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[736] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\conhost.exe[844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\nvvsvc.exe[1016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1048] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1180] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[1184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1212] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[1620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1648] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\SearchIndexer.exe[1656] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\DllHost.exe[1808] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1868] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2068] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Acer Bio Protection\BASVC.exe[2112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Acer Bio Protection\PdtWzd.exe[2184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[2208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[2252] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2312] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2452] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\PLFSetI.exe[2496] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\svchost.exe[3000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT D:\Program Files\Winamp\winampa.exe[3068] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Launch Manager\QtZgAcer.EXE[3460] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73EB2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E95624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73EB250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73EA8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73EA4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73EA50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73EA51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73EA66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73EA82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73EA8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73EA907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73EAE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73EA4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\iPod\bin\iPodService.exe[3576] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT D:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT E:\Downloads\mqjrg602.exe[3676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT D:\Program Files\iTunes\iTunesHelper.exe[3696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[4088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[4328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[4976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT D:\Program Files\Mozilla Firefox\firefox.exe[5168] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\system32\wbem\wmiprvse.exe[5492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT C:\Windows\System32\svchost.exe[5532] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
IAT D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8557E1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 855781F8
Device \Driver\usbuhci \Device\USBPDO-0 8715E1F8
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-1 8715E1F8
Device \Driver\usbuhci \Device\USBPDO-2 8715E1F8
Device \Driver\usbehci \Device\USBPDO-3 87275500
Device \Driver\usbuhci \Device\USBPDO-4 8715E1F8
Device \Driver\usbuhci \Device\USBPDO-5 8715E1F8
Device \Driver\usbuhci \Device\USBPDO-6 8715E1F8
Device \Driver\volmgr \Device\HarddiskVolume1 855781F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 87275500
Device \Driver\volmgr \Device\HarddiskVolume2 855781F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86EA91F8
Device \Driver\volmgr \Device\HarddiskVolume3 855781F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86EA91F8
Device \Driver\sptd \Device\1267954736 spwe.sys
Device \Driver\volmgr \Device\HarddiskVolume4 855781F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom2 86EA91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EA1B4E4C-05D4-487C-8B87-C09C9D6B3164} 86F421F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86F421F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3923D7E3-9675-416D-8738-7C457BFEFB70} 86F421F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{93446AC9-E5DF-4695-880C-8A78B488ADB4} 86F421F8
Device \Driver\PCI_PNP8735 \Device\0000005e spwe.sys
Device \Driver\usbuhci \Device\USBFDO-0 8715E1F8
Device \Driver\usbuhci \Device\USBFDO-1 8715E1F8
Device \Driver\usbuhci \Device\USBFDO-2 8715E1F8
Device \Driver\usbehci \Device\USBFDO-3 87275500
Device \Driver\usbuhci \Device\USBFDO-4 8715E1F8
Device \Driver\usbuhci \Device\USBFDO-5 8715E1F8
Device \Driver\usbuhci \Device\USBFDO-6 8715E1F8
Device \Driver\usbehci \Device\USBFDO-7 87275500
Device \Driver\a7mfj9mb \Device\Scsi\a7mfj9mb1Port1Path0Target1Lun0 87188500
Device \Driver\a7mfj9mb \Device\Scsi\a7mfj9mb1Port1Path0Target0Lun0 87188500
Device \Driver\a7mfj9mb \Device\Scsi\a7mfj9mb1 87188500

---- Threads - GMER 1.0.15 ----

Thread System [4:2408] A4325F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFA 0xBB 0x0A 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC4 0x6B 0x04 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB8 0x1B 0x81 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x04 0x85 0xE4 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFA 0xBB 0x0A 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC4 0x6B 0x04 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB8 0x1B 0x81 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x04 0x85 0xE4 0x9D ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCE74B85-9193-4C83-BDF3-DD550A85750F}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCE74B85-9193-4C83-BDF3-DD550A85750F}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCE74B85-9193-4C83-BDF3-DD550A85750F}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCE74B85-9193-4C83-BDF3-DD550A85750F}@Hash 0x78 0x83 0x21 0x7E ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCE74B85-9193-4C83-BDF3-DD550A85750F}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCE74B85-9193-4C83-BDF3-DD550A85750F}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {FCE74B85-9193-4C83-BDF3-DD550A85750F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice@Progid divx_divx_file
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLAC\UserChoice@Progid Winamp.File.FLAC
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice@Progid Winamp.File.FLV
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGG\UserChoice@Progid Winamp.File.OGG
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C051668C-F20D-EE2C-DE81-3B99B3DD497F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C051668C-F20D-EE2C-DE81-3B99B3DD497F}@hadhcadaicbbbejd 0x6B 0x61 0x6F 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C051668C-F20D-EE2C-DE81-3B99B3DD497F}@iangilpigddeieeglm 0x6B 0x61 0x6F 0x66 ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x04 0x06 0x07 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@FirstLevelConsentDialog 0x04 0x06 0x07 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog 0x86 0x0C 0x3D 0x00 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File C:\Users\Alex\AppData\Local\Temp\Alex7 0 bytes

---- EOF - GMER 1.0.15 ----
Dieser Beitrag wurde am 17.05.2011 um 15:43 Uhr von rockin editiert.
Seitenanfang Seitenende
17.05.2011, 15:45
Member

Themenstarter

Beiträge: 19
#2

Code

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:04:46, on 17.05.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nero_Portable_10.2.12.100_Multilingual.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Users\Alex\AppData\Roaming\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_15_Premium\TrayServer.exe
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "D:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Nero_Portable_10.2.12.100_Multilingual.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 12295 bytes



Code

OTL logfile created on: 17.05.2011 15:30:57 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Alex\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 5,26 Gb Free Space | 18,01% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 18,16 Gb Free Space | 23,25% Space Free | Partition Type: NTFS
Drive E: | 180,67 Gb Total Space | 12,74 Gb Free Space | 7,05% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Alex\AppData\Roaming\ctfmon.exe (ROS)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nero_Portable_10.2.12.100_Multilingual.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (FirebirdServerMAGIXInstance) -- D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (nuvotoncir) -- C:\Windows\System32\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 0D D8 4F D0 88 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://www.google.de/search?ie=UTF-8&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.17 00:09:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.02.08 19:49:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.05 23:53:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.05 23:53:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.05.02 15:21:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.05.02 15:21:40 | 000,000,000 | ---D | M]

[2010.10.29 15:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2011.05.17 13:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\4ndf5bd5.default\extensions
[2011.01.08 14:35:55 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\4ndf5bd5.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.03.12 15:03:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\4ndf5bd5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.04.09 21:11:21 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\4ndf5bd5.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.05.02 17:10:44 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\4ndf5bd5.default\extensions\https-everywhere@eff.org
[2011.05.02 15:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\4ndf5bd5.default\extensions\nostmp
[2011.03.15 22:18:55 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\4ndf5bd5.default\extensions\vshare@toolbar
[2010.11.05 19:46:28 | 000,010,567 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4ndf5bd5.default\searchplugins\gmx-suche.xml
File not found (No name found) --
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4NDF5BD5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4NDF5BD5.DEFAULT\EXTENSIONS\SEARCHY@SEARCHY.XPI
[2010.10.29 19:55:06 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.29 20:17:38 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.18 23:00:00 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 23:59:58 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

O1 HOSTS File: ([2011.02.07 23:49:21 | 000,001,116 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       nero.com
O1 - Hosts: 127.0.0.1       www.nero.com
O1 - Hosts: 127.0.0.1       activate.nero.com
O1 - Hosts: 127.0.0.1       www.activate.nero.com
O1 - Hosts: 127.0.0.1       nero.de
O1 - Hosts: 127.0.0.1       www.nero.de
O1 - Hosts: 127.0.0.1       activate.nero.de
O1 - Hosts: 127.0.0.1       www.activate.nero.de
O1 - Hosts: 127.0.0.1     activate.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KeePass 2 PreLoad] D:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_15_Premium\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nero_Portable_10.2.12.100_Multilingual.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2011.05.05 19:59:05 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010.11.23 20:10:00 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2010.11.23 20:10:00 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010.11.23 20:10:00 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010.11.23 20:10:00 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2010.11.23 20:10:00 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010.11.23 20:10:00 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010.11.23 20:10:00 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 [2010.11.23 20:10:00 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010.11.23 20:10:00 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2011.05.05 19:58:23 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An OneNote s&enden - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 (•  in Lokales Intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c189f4fa-009d-11e0-b159-001e68ee5627}\Shell - "" = AutoRun
O33 - MountPoints2\{c189f4fa-009d-11e0-b159-001e68ee5627}\Shell\AutoRun\command - "" = G:\start.exe /checksection
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.05.17 15:27:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011.05.17 14:59:40 | 000,000,000 | ---D | C] -- C:\Programme\HJT
[2011.05.17 14:59:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.17 14:34:36 | 022,280,781 | ---- | C] (PortableAppZ.blogspot.com) -- C:\Users\Alex\AppData\Roaming\48934.exe
[2011.05.17 14:32:07 | 000,012,288 | ---- | C] (ROS) -- C:\Users\Alex\AppData\Roaming\ctfmon.exe
[2011.05.17 14:08:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2011.05.17 14:08:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.17 14:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.17 14:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.17 14:08:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.17 14:08:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.17 13:25:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{75F03DBA-D8AC-49D0-8237-958ADD825997}
[2011.05.16 15:23:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{E55CBF78-0AFF-4707-8D15-896E2A54E0E8}
[2011.05.15 20:55:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{BC735604-CC1A-4CF8-9821-8FB37E7B0BEA}
[2011.05.15 14:38:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C7981A41-37F6-468C-80B0-5342CEF9C161}
[2011.05.14 15:07:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{20F38046-029B-4139-99DB-F3514BE11FEE}
[2011.05.13 16:02:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5BBD8E1E-322F-41E0-9806-796E0E3C8CE3}
[2011.05.12 16:26:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F1F32BB9-8903-4BE0-A27B-5B4DBA614A15}
[2011.05.11 22:25:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Opera
[2011.05.11 22:25:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Opera
[2011.05.11 17:40:17 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011.05.11 17:40:17 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011.05.11 17:40:14 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.05.11 17:40:13 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.05.11 17:35:16 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{EC75773F-DB6D-4BC1-AE7F-0759160DC260}
[2011.05.10 17:29:35 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{E64E04B7-7321-4895-B5C3-69E12F3C04E6}
[2011.05.09 18:20:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{0400AC98-BD11-4224-8336-7DF7043277AA}
[2011.05.08 20:04:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D3BE43C3-957E-44D8-8C98-8EF892C9257F}
[2011.05.08 18:35:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FC8F3C05-45C4-49F0-8921-E281F7C79D3F}
[2011.05.08 01:45:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6EF69C9A-DF58-43AF-A1F8-A40BC5328B65}
[2011.05.07 11:11:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{13AC0552-4BF6-4AFE-87AC-A484BD2BFDF3}
[2011.05.06 14:27:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F6A2D699-9254-421E-AE74-4708D30A35A7}
[2011.05.06 02:26:32 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{3B6ABBE2-4BF7-403D-9D3A-0BA6249039CE}
[2011.05.05 18:04:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\1und1
[2011.05.05 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7800C4E6-AA2B-4B05-AD59-62C98FEDEF32}
[2011.05.04 12:13:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{BCB80C4C-AB36-45FD-A504-5B4A43114724}
[2011.05.03 15:47:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{2BFFF832-2AF5-415A-9934-196BE08F11D1}
[2011.05.02 07:23:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{AA4D3900-CD16-43DD-BF54-1A46A4D72350}
[2011.05.01 22:15:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Nero
[2011.05.01 12:10:10 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{107FBECA-BD5D-45A8-B49E-DF2855A533CC}
[2011.04.30 16:41:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{1A46960C-45AE-4D4A-83A9-B4784A3F38FD}
[2011.04.29 15:37:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9E847585-D756-4941-8311-C41E2F79048C}
[2011.04.28 22:33:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7EE8ADE3-7AF3-431E-984E-02033CB0C6A5}
[2011.04.27 19:24:22 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011.04.27 19:24:08 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011.04.27 19:24:08 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011.04.27 19:24:08 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011.04.27 19:23:58 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.27 19:23:20 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.27 19:12:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F4E050EA-600D-4736-82C2-D36DD6968E96}
[2011.04.24 18:16:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{889F5AFF-6737-4BC5-9EA5-FFDC53951F16}
[2011.04.24 13:55:25 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FCBE8CB6-6D10-470B-9017-C31E871C14E1}
[2011.04.23 14:21:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{39E0FD47-F4B1-4C10-B974-F3BF0C0C1F56}
[2011.04.22 17:16:17 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{251F3713-1693-4B95-8EE7-A01663817B8D}
[2011.04.21 14:32:35 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{BCE2B656-DB64-4BDD-84FD-5B2496FCBD56}
[2011.04.20 17:57:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{EC661B0A-E3AB-4375-9B2C-1A2C2C91929A}
[2011.04.19 17:05:25 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A081E449-B50A-42EE-87EE-81766E3AEFBE}
[2011.04.18 16:37:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{4F77413B-F1F1-49D5-8B61-D79CACF987F3}
[2011.04.18 00:24:16 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{151AB668-62A4-4AE2-AC20-67DF6EA03448}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.05.17 15:27:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011.05.17 14:59:40 | 000,002,967 | ---- | M] () -- C:\Users\Alex\Desktop\HJT.lnk
[2011.05.17 14:55:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.17 14:36:39 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.17 14:36:39 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.17 14:34:36 | 022,280,781 | ---- | M] (PortableAppZ.blogspot.com) -- C:\Users\Alex\AppData\Roaming\48934.exe
[2011.05.17 14:32:07 | 000,012,288 | ---- | M] (ROS) -- C:\Users\Alex\AppData\Roaming\ctfmon.exe
[2011.05.17 14:31:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.17 14:31:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.17 14:31:14 | 2411,884,544 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.17 14:08:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.15 21:01:41 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.15 21:01:41 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.15 21:01:41 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.15 21:01:41 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.12 16:35:22 | 000,140,073 | ---- | M] () -- C:\Users\Alex\Desktop\227021_224202754263128_161211400562264_1065642_3125040_n.jpg
[2011.05.12 16:35:03 | 000,021,720 | ---- | M] () -- C:\Users\Alex\Desktop\227021_224202754263128_161211400562264_1065642_3125040_a.jpg
[2011.05.11 17:49:33 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.05.08 20:45:40 | 000,704,479 | ---- | M] () -- C:\Users\Alex\Desktop\A28B6E6D-1143-DA39-718816B0987F6E6C.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.05.17 14:59:40 | 000,002,967 | ---- | C] () -- C:\Users\Alex\Desktop\HJT.lnk
[2011.05.17 14:08:47 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.12 16:35:22 | 000,140,073 | ---- | C] () -- C:\Users\Alex\Desktop\227021_224202754263128_161211400562264_1065642_3125040_n.jpg
[2011.05.12 16:35:02 | 000,021,720 | ---- | C] () -- C:\Users\Alex\Desktop\227021_224202754263128_161211400562264_1065642_3125040_a.jpg
[2011.05.11 22:25:29 | 000,000,716 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.05.11 17:49:33 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011.05.08 20:45:40 | 000,704,479 | ---- | C] () -- C:\Users\Alex\Desktop\A28B6E6D-1143-DA39-718816B0987F6E6C.pdf
[2011.05.02 15:21:42 | 000,000,773 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.01.07 14:11:25 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2011.01.05 03:01:00 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.01.05 02:59:30 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.12.17 00:00:12 | 000,245,220 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.12.17 00:00:12 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.12.13 02:02:24 | 000,004,608 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.13 01:56:21 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.11.25 19:44:01 | 000,000,600 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\winscp.rnd
[2010.11.21 22:26:48 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.11.21 22:26:27 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.11.17 03:02:44 | 000,000,132 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.11.16 23:23:33 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.29 19:56:39 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.10.29 19:56:39 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.29 19:56:39 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.10.29 19:56:39 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,807,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.09.11 20:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.09.09 17:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll
[2008.09.09 17:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.12 19:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2011.04.11 17:32:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft
[2011.01.20 00:24:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Alle meine Passworte
[2011.02.08 19:29:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\CheckPoint
[2010.12.16 21:29:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2011.05.17 14:21:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2010.10.30 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ImgBurn
[2011.01.20 00:40:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\KeePass
[2010.12.05 20:35:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\KIDDINX
[2011.01.07 14:29:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mael
[2011.01.05 03:10:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MAGIX
[2011.03.29 13:34:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2011.05.11 22:25:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Opera
[2011.01.05 05:57:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Pegasys Inc
[2010.12.10 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ReaSoft
[2010.11.21 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Samsung
[2010.11.17 02:47:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.10.30 20:41:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TrueCrypt
[2011.02.06 00:23:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WebcamMax
[2011.04.07 12:57:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Code

OTL Extras logfile created on: 17.05.2011 15:30:57 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Alex\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 5,26 Gb Free Space | 18,01% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 18,16 Gb Free Space | 23,25% Space Free | Partition Type: NTFS
Drive E: | 180,67 Gb Total Space | 12,74 Gb Free Space | 7,05% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2010.11.23 20:10:00 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41CE9D26-2DF7-498D-8E16-314507EDEE21}" = Samsung PC Studio 3
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4B9958-F507-449A-A6E1-FD223314AF5A}" = TMPGEnc 4.0 XPress Testversion
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"{FECB001A-62F8-4E84-8FD0-4B963D039A63}" = Samsung Contacts Copier
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bibi12" = Bibi Blocksberg - Der verhexte Liebesbrief
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ImgBurn" = ImgBurn
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"JDownloader" = JDownloader
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.13
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Movies" = Movies
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 11.10.2092" = Opera 11.10
"ReaGIF_is1" = ReaGIF 2.0
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 550" = Left 4 Dead 2
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tales of Monkey Island" = Tales of Monkey Island
"TrueCrypt" = TrueCrypt
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"WebcamMax" = WebcamMax
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.9
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Seitenanfang Seitenende
22.05.2011, 15:08
Moderator

Beiträge: 5694
#3 Sorry, Dein Thread ging unter. Bestehen die Probleme noch und hast Du dies noch auf keinem weiteren Forum gepostet?
Seitenanfang Seitenende
23.05.2011, 09:57
Member

Themenstarter

Beiträge: 19
#4 kein problem ^^

ja das problem besteht weiterhin und nein habe dies noch in keinem anderen Forum gepostet...

noch zu sagen wäre dass der befund immer anders heißt, also das "xxx.dll"

mfg rockin
Seitenanfang Seitenende
23.05.2011, 19:54
Moderator

Beiträge: 5694
#5 Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

BleepingComputer
ForoSpyware**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**




• Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
• Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
• Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
• Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.
Seitenanfang Seitenende
24.05.2011, 16:14
Member

Themenstarter

Beiträge: 19
#6

Code

ComboFix 11-05-23.02 - Alex 24.05.2011  15:56:39.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3067.1426 [GMT 2:00]
ausgeführt von:: c:\users\Alex\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Roaming\25907.exe
c:\users\Alex\AppData\Roaming\26524.exe
c:\users\Alex\AppData\Roaming\37389.exe
c:\users\Alex\AppData\Roaming\42758.exe
c:\users\Alex\AppData\Roaming\48934.exe
c:\users\Alex\AppData\Roaming\54864.exe
c:\users\Alex\AppData\Roaming\66962.exe
c:\users\Alex\AppData\Roaming\80071.exe
c:\users\Alex\AppData\Roaming\ctfmon.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-24 bis 2011-05-24  ))))))))))))))))))))))))))))))
.
.
2011-05-24 14:03 . 2011-05-24 14:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-05-24 09:50 . 2011-05-09 20:46    6962000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{70A42A24-A107-41F1-AC92-FF804D9B1315}\mpengine.dll
2011-05-24 06:58 . 2011-05-24 06:58    --------    d-----w-    c:\users\Alex\AppData\Local\{F78E6646-9A9D-4078-8782-C270E3678E17}
2011-05-23 16:20 . 2011-05-23 16:20    --------    d-----w-    c:\users\Alex\AppData\Local\MetaGeek,_LLC
2011-05-23 07:29 . 2011-05-23 07:30    --------    d-----w-    c:\users\Alex\AppData\Local\{B884321A-575C-4CEE-AEEA-18A6FFC697C4}
2011-05-22 19:28 . 2011-05-22 19:29    --------    d-----w-    c:\users\Alex\AppData\Local\{94A39DAD-8AC7-46FB-830A-3AF8D1B528A6}
2011-05-20 17:10 . 2011-05-20 17:10    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 17:10 . 2011-05-20 17:10    --------    d-----w-    c:\users\Alex\AppData\Local\{C7F8CB77-BB63-4C76-BACC-AD4D1988EE0C}
2011-05-19 15:56 . 2011-04-09 05:56    123904    ----a-w-    c:\windows\system32\poqexec.exe
2011-05-19 15:53 . 2011-05-19 15:53    --------    d-----w-    c:\users\Alex\AppData\Local\{059E95F6-07BA-497A-BFFC-540BC9EA12CA}
2011-05-18 22:00 . 2011-05-18 22:01    --------    d-----w-    c:\users\Alex\AppData\Roaming\SimpleGlass
2011-05-18 18:04 . 2011-05-18 18:12    --------    d-----w-    c:\users\Alex\DoctorWeb
2011-05-18 11:17 . 2011-05-18 11:17    --------    d-----w-    c:\users\Alex\AppData\Local\{1F2C840F-AE78-42DD-BD65-A52656E2E0EA}
2011-05-17 12:59 . 2011-05-17 12:59    388096    ----a-r-    c:\users\Alex\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-17 12:59 . 2011-05-17 12:59    --------    d-----w-    c:\program files\HJT
2011-05-17 12:08 . 2011-05-17 12:08    --------    d-----w-    c:\users\Alex\AppData\Roaming\Malwarebytes
2011-05-17 12:08 . 2010-12-20 16:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 12:08 . 2011-05-17 12:08    --------    d-----w-    c:\programdata\Malwarebytes
2011-05-17 12:08 . 2011-05-17 12:08    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-05-17 12:08 . 2010-12-20 16:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-05-17 11:25 . 2011-05-17 11:25    --------    d-----w-    c:\users\Alex\AppData\Local\{75F03DBA-D8AC-49D0-8237-958ADD825997}
2011-05-16 13:23 . 2011-05-16 13:23    --------    d-----w-    c:\users\Alex\AppData\Local\{E55CBF78-0AFF-4707-8D15-896E2A54E0E8}
2011-05-15 18:55 . 2011-05-15 18:56    --------    d-----w-    c:\users\Alex\AppData\Local\{BC735604-CC1A-4CF8-9821-8FB37E7B0BEA}
2011-05-15 12:38 . 2011-05-15 12:38    --------    d-----w-    c:\users\Alex\AppData\Local\{C7981A41-37F6-468C-80B0-5342CEF9C161}
2011-05-14 13:07 . 2011-05-14 13:07    --------    d-----w-    c:\users\Alex\AppData\Local\{20F38046-029B-4139-99DB-F3514BE11FEE}
2011-05-13 14:02 . 2011-05-13 14:02    --------    d-----w-    c:\users\Alex\AppData\Local\{5BBD8E1E-322F-41E0-9806-796E0E3C8CE3}
2011-05-12 14:26 . 2011-05-12 14:26    --------    d-----w-    c:\users\Alex\AppData\Local\{F1F32BB9-8903-4BE0-A27B-5B4DBA614A15}
2011-05-11 20:25 . 2011-05-11 20:25    --------    d-----w-    c:\users\Alex\AppData\Local\Opera
2011-05-11 15:40 . 2011-03-25 03:06    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2011-05-11 15:40 . 2011-03-25 03:06    284160    ----a-w-    c:\windows\system32\drivers\usbport.sys
2011-05-11 15:40 . 2011-03-25 03:06    75776    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2011-05-11 15:40 . 2011-03-25 03:06    43008    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2011-05-11 15:40 . 2011-03-25 03:06    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2011-05-11 15:40 . 2011-03-25 03:06    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2011-05-11 15:40 . 2011-03-25 03:06    5888    ----a-w-    c:\windows\system32\drivers\usbd.sys
2011-05-11 15:40 . 2011-04-09 06:13    3957632    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2011-05-11 15:40 . 2011-04-09 06:13    3901824    ----a-w-    c:\windows\system32\ntoskrnl.exe
2011-05-11 15:35 . 2011-05-11 15:35    --------    d-----w-    c:\users\Alex\AppData\Local\{EC75773F-DB6D-4BC1-AE7F-0759160DC260}
2011-05-10 15:29 . 2011-05-10 15:29    --------    d-----w-    c:\users\Alex\AppData\Local\{E64E04B7-7321-4895-B5C3-69E12F3C04E6}
2011-05-09 16:20 . 2011-05-09 16:20    --------    d-----w-    c:\users\Alex\AppData\Local\{0400AC98-BD11-4224-8336-7DF7043277AA}
2011-05-08 18:04 . 2011-05-08 18:04    --------    d-----w-    c:\users\Alex\AppData\Local\{D3BE43C3-957E-44D8-8C98-8EF892C9257F}
2011-05-08 16:35 . 2011-05-08 16:35    --------    d-----w-    c:\users\Alex\AppData\Local\{FC8F3C05-45C4-49F0-8921-E281F7C79D3F}
2011-05-07 23:45 . 2011-05-07 23:45    --------    d-----w-    c:\users\Alex\AppData\Local\{6EF69C9A-DF58-43AF-A1F8-A40BC5328B65}
2011-05-07 09:11 . 2011-05-07 09:11    --------    d-----w-    c:\users\Alex\AppData\Local\{13AC0552-4BF6-4AFE-87AC-A484BD2BFDF3}
2011-05-06 12:27 . 2011-05-06 12:27    --------    d-----w-    c:\users\Alex\AppData\Local\{F6A2D699-9254-421E-AE74-4708D30A35A7}
2011-05-06 00:26 . 2011-05-06 00:26    --------    d-----w-    c:\users\Alex\AppData\Local\{3B6ABBE2-4BF7-403D-9D3A-0BA6249039CE}
2011-05-05 12:25 . 2011-05-05 12:26    --------    d-----w-    c:\users\Alex\AppData\Local\{7800C4E6-AA2B-4B05-AD59-62C98FEDEF32}
2011-05-04 10:13 . 2011-05-04 10:13    --------    d-----w-    c:\users\Alex\AppData\Local\{BCB80C4C-AB36-45FD-A504-5B4A43114724}
2011-05-03 13:47 . 2011-05-03 13:47    --------    d-----w-    c:\users\Alex\AppData\Local\{2BFFF832-2AF5-415A-9934-196BE08F11D1}
2011-05-02 05:23 . 2011-05-02 05:24    --------    d-----w-    c:\users\Alex\AppData\Local\{AA4D3900-CD16-43DD-BF54-1A46A4D72350}
2011-05-01 10:10 . 2011-05-01 10:10    --------    d-----w-    c:\users\Alex\AppData\Local\{107FBECA-BD5D-45A8-B49E-DF2855A533CC}
2011-04-30 14:41 . 2011-04-30 14:41    --------    d-----w-    c:\users\Alex\AppData\Local\{1A46960C-45AE-4D4A-83A9-B4784A3F38FD}
2011-04-29 13:37 . 2011-04-29 13:37    --------    d-----w-    c:\users\Alex\AppData\Local\{9E847585-D756-4941-8311-C41E2F79048C}
2011-04-28 20:33 . 2011-04-28 20:33    --------    d-----w-    c:\users\Alex\AppData\Local\{7EE8ADE3-7AF3-431E-984E-02033CB0C6A5}
2011-04-27 17:24 . 2011-02-18 05:33    31232    ----a-w-    c:\windows\system32\prevhost.exe
2011-04-27 17:24 . 2011-03-11 05:44    143744    ----a-w-    c:\windows\system32\drivers\nvstor.sys
2011-04-27 17:24 . 2011-03-11 05:44    1210240    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2011-04-27 17:24 . 2011-03-11 05:44    117120    ----a-w-    c:\windows\system32\drivers\nvraid.sys
2011-04-27 17:24 . 2011-03-11 05:44    146304    ----a-w-    c:\windows\system32\drivers\storport.sys
2011-04-27 17:24 . 2011-03-11 05:43    332160    ----a-w-    c:\windows\system32\drivers\iaStorV.sys
2011-04-27 17:24 . 2011-03-11 05:43    80256    ----a-w-    c:\windows\system32\drivers\amdsata.sys
2011-04-27 17:24 . 2011-03-11 05:43    22400    ----a-w-    c:\windows\system32\drivers\amdxata.sys
2011-04-27 17:24 . 2011-03-11 05:39    1686016    ----a-w-    c:\windows\system32\esent.dll
2011-04-27 17:24 . 2011-03-11 05:37    74240    ----a-w-    c:\windows\system32\fsutil.exe
2011-04-27 17:23 . 2011-03-12 11:31    442880    ----a-w-    c:\windows\system32\XpsPrint.dll
2011-04-27 17:23 . 2011-02-26 05:33    2614784    ----a-w-    c:\windows\explorer.exe
2011-04-27 17:12 . 2011-04-27 17:12    --------    d-----w-    c:\users\Alex\AppData\Local\{F4E050EA-600D-4736-82C2-D36DD6968E96}
2011-04-24 16:16 . 2011-04-24 16:16    --------    d-----w-    c:\users\Alex\AppData\Local\{889F5AFF-6737-4BC5-9EA5-FFDC53951F16}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-04 14:56 . 2010-11-04 17:23    2300696    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-04 14:56 . 2010-11-04 17:21    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-04 14:56 . 2010-11-04 17:21    1220416    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-19 12:06 . 2011-03-19 12:06    2300696    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2011-03-19 12:06 . 2010-11-29 23:15    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-19 12:06 . 2011-03-19 12:06    1220416    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-3\SpotlightResources.dll
2011-03-18 19:52 . 2010-10-29 13:41    137656    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2011-03-11 13:40 . 2010-06-24 09:33    18328    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-11 05:40 . 2011-04-14 05:18    1137664    ----a-w-    c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-14 05:18    1164288    ----a-w-    c:\windows\system32\mfc42u.dll
2011-03-08 05:38 . 2011-04-14 05:18    740864    ----a-w-    c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-14 15:13    132608    ----a-w-    c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-14 15:13    28672    ----a-w-    c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-14 05:18    2331136    ----a-w-    c:\windows\system32\win32k.sys
2011-02-28 09:39 . 2011-03-02 18:46    35500032    ----a-w-    c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nero_Portable_10.2.12.100_Multilingual.exe
2011-02-24 05:32 . 2011-04-14 05:18    288256    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-15 15:09    981504    ----a-w-    c:\windows\system32\wininet.dll
2011-02-24 05:30 . 2011-04-15 15:09    44544    ----a-w-    c:\windows\system32\licmgr10.dll
2011-02-24 04:23 . 2011-04-15 15:09    386048    ----a-w-    c:\windows\system32\html.iec
2011-02-24 03:50 . 2011-04-15 15:09    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2006-05-03 10:06    163328    --sh--r-    c:\windows\System32\flvDX.dll
2007-02-21 11:47    31232    --sh--r-    c:\windows\System32\msfDX.dll
2008-03-16 13:30    216064    --sh--r-    c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 10:50    2517088    ----a-w-    c:\program files\ZoneAlarm-Sicherheit\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Steam"="d:\program files\Steam\steam.exe" [2010-12-05 1242448]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="d:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3575808]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="d:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-30 9914984]
"TrayServer"="d:\program files\MAGIX\Video_deluxe_15_Premium\TrayServer.exe" [2008-08-07 90112]
"KeePass 2 PreLoad"="d:\program files\KeePass Password Safe 2\KeePass.exe" [2010-09-05 1655296]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-06-15 738808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"BCSSync"="d:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nero_Portable_10.2.12.100_Multilingual.exe [2011-2-28 35500032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2009-06-26 08:05    568072    ----a-w-    c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       c:\program files\Acer Bio Protection\PwdFilter
Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 136176]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-05 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3453440]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 493048]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-06-24 44544]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
nosGetPlusHelper    REG_MULTI_SZ       nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 13:45]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 13:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4ndf5bd5.default\
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?ie=UTF-8&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001\Software\Adobe\MediaBrowser\MRU\Photoshop\FileList\2010-11-17T01:16.5051Z]
@DACL=(02 0000)
@="c:\\Users\\Alex\\Pictures\\SuperHRNSHN.jpg"
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001\Software\Local AppWizard-Generated Applications\DestComp]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C051668C-F20D-EE2C-DE81-3B99B3DD497F}*]
"hadhcadaicbbbejd"=hex:6b,61,6f,66,63,6b,6c,6a,61,6b,6a,6d,67,68,69,6e,69,70,
   62,6a,6d,6b,00,00
"iangilpigddeieeglm"=hex:6b,61,6f,66,63,6b,6c,6a,61,6b,6a,6d,67,68,69,6e,69,70,
   62,6a,6d,6b,00,00
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles]
@DACL=(02 0000)
"CheckingForSolutionDialog"=hex(b):04,06,07,00,00,00,00,00
"FirstLevelConsentDialog"=hex(b):04,06,07,00,00,00,00,00
"CloseDialog"=hex(b):86,0c,3d,00,00,00,00,00
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001\Software\Samsung PC Studio\LiveUpdate]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\6]
@DACL=(02 0000)
"0"=hex:50,00,31,00,00,00,00,00,8a,3d,6c,8f,10,00,4d,6f,76,69,65,73,00,00,3a,
   00,08,00,04,00,ef,be,8a,3d,6b,8f,8a,3d,6c,8f,2a,00,00,00,e8,25,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:00000278
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\8]
@DACL=(02 0000)
"NodeSlot"=dword:000003a6
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\2]
@DACL=(02 0000)
"0"=hex:4c,00,31,00,00,00,00,00,25,3e,0c,08,10,00,4d,41,47,49,58,00,38,00,08,
   00,04,00,ef,be,25,3e,0c,08,25,3e,0c,08,2a,00,00,00,37,30,00,00,00,00,02,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:00000416
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\18\0]
@DACL=(02 0000)
"NodeSlot"=dword:000000c2
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\19]
@DACL=(02 0000)
"NodeSlot"=dword:0000009b
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:98,00,31,00,00,00,00,00,68,39,d4,99,10,00,43,41,4c,4c,4f,46,7e,31,2e,
   58,33,36,00,00,7c,00,08,00,04,00,ef,be,5e,3d,e9,84,5e,3d,16,88,2a,00,00,00,\
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\1]
@DACL=(02 0000)
"0"=hex:74,00,31,00,00,00,00,00,25,3e,62,09,10,20,56,49,44,45,4f,5f,7e,31,00,
   00,5c,00,08,00,04,00,ef,be,25,3e,60,09,25,3e,62,09,2a,00,00,00,49,f0,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\2\2]
@DACL=(02 0000)
"NodeSlot"=dword:00000332
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0]
@DACL=(02 0000)
"0"=hex:4a,00,31,00,00,00,00,00,8a,3d,e1,91,10,00,67,69,66,73,00,00,36,00,08,
   00,04,00,ef,be,8a,3d,56,91,8a,3d,e1,91,2a,00,00,00,6d,00,01,00,00,00,17,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:00000336
.
[HKEY_USERS\S-1-5-21-903350691-1991897273-3093577511-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0]
@DACL=(02 0000)
"NodeSlot"=dword:00000047
"MRUListEx"=hex:ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(580)
c:\program files\Acer Bio Protection\PwdFilter.DLL
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2011-05-24  16:06:46
ComboFix-quarantined-files.txt  2011-05-24 14:06
.
Vor Suchlauf: 5.855.551.488 Bytes frei
Nach Suchlauf: 5.828.988.928 Bytes frei
.
- - End Of File - - D24BE743860E4D14E3AE96EFDAEF69BC
Seitenanfang Seitenende
24.05.2011, 18:42
Moderator

Beiträge: 5694
#7 Und wie läufts?
Seitenanfang Seitenende
25.05.2011, 19:57
Member

Themenstarter

Beiträge: 19
#8 ist wieder aufgetreten...


In der Datei 'C:\Users\Alex\AppData\Local\Temp\vghmq9i9.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.5120.150' [trojan] gefunden.
Seitenanfang Seitenende
26.05.2011, 17:05
Member

Themenstarter

Beiträge: 19
#9 heute bis jetzt noch nicht aufgetreten...
Seitenanfang Seitenende
26.05.2011, 17:27
Moderator

Beiträge: 5694
#10 Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
• Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Das Tool braucht nur eine Sekunde.
• Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
Seitenanfang Seitenende
27.05.2011, 17:57
Member

Themenstarter

Beiträge: 19
#11 bis jetzt hat sich avira nicht mehr gemeldet... das letzte mal ist es am 25.05.2011 um 10:14 aufgetreten...seitdem hatte ich öfters ein systemstart, hoffentlich bleibt dies so ;)


Code

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:            
Windows Version:        Windows 7 Ultimate Edition
Windows Information:         (build 7600), 32-bit
Base Board Manufacturer:    Acer, Inc.
BIOS Manufacturer:        Acer
System Manufacturer:        Acer, inc.
System Product Name:        Aspire 6930G
Logical Drives Mask:        0x000000fc

Kernel Drivers (total 213):
  0x82E06000 \SystemRoot\system32\ntkrnlpa.exe
  0x83216000 \SystemRoot\system32\halmacpi.dll
  0x80BA9000 \SystemRoot\system32\kdcom.dll
  0x8B023000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8B09B000 \SystemRoot\system32\PSHED.dll
  0x8B0AC000 \SystemRoot\system32\BOOTVID.dll
  0x8B0B4000 \SystemRoot\system32\CLFS.SYS
  0x8B0F6000 \SystemRoot\system32\CI.dll
  0x8B22D000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8B29E000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8B2AC000 \SystemRoot\System32\Drivers\spue.sys
  0x8B39F000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8B3A8000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x8B1A1000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8B3CE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8B3D6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8B200000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8B3E1000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B3F2000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8B1E9000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8B000000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8B430000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8B47B000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8B491000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8B56B000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8B574000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8B597000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8B5A1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8B5AF000 \SystemRoot\system32\drivers\amdxata.sys
  0x8B5B8000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B5EC000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B637000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B766000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B791000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B81D000 \SystemRoot\System32\Drivers\cng.sys
  0x8B87A000 \SystemRoot\System32\drivers\pcw.sys
  0x8B888000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B891000 \SystemRoot\system32\drivers\ndis.sys
  0x8B948000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B986000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8BA0E000 \SystemRoot\System32\drivers\tcpip.sys
  0x8BB57000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8BB88000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8BB91000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8BBD0000 \SystemRoot\System32\Drivers\spldr.sys
  0x8BBD8000 \SystemRoot\system32\speedfan.sys
  0x8B9AB000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8BBDC000 \SystemRoot\System32\Drivers\mup.sys
  0x8BBEC000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8BBF4000 \SystemRoot\system32\giveio.sys
  0x8B7A4000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B9D8000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B7D6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8F8FF000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F91E000 \SystemRoot\System32\Drivers\Null.SYS
  0x8F925000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8F92C000 \SystemRoot\System32\drivers\vga.sys
  0x8F938000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8F959000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F966000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8F96E000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8F976000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8F97E000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8F989000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8F997000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8F9AE000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x90634000 \SystemRoot\system32\drivers\afd.sys
  0x9068E000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x906C0000 \SystemRoot\system32\DRIVERS\vsdatant.sys
  0x9074B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x90752000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90771000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x90782000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90790000 \SystemRoot\System32\Drivers\StarOpen.SYS
  0x90796000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x907A9000 \SystemRoot\System32\drivers\truecrypt.sys
  0x907E0000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x907F0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8F9B9000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x907F6000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x9060A000 \SystemRoot\System32\drivers\discache.sys
  0x9042B000 \SystemRoot\system32\drivers\csc.sys
  0x9048F000 \SystemRoot\System32\Drivers\dfsc.sys
  0x904A7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x904B5000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x904DB000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x904FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x90500000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x91A17000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x9236E000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x90509000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x92370000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x923A9000 \SystemRoot\system32\drivers\usbuhci.sys
  0x923B4000 \SystemRoot\system32\drivers\USBPORT.SYS
  0x91A00000 \SystemRoot\system32\drivers\usbehci.sys
  0x905C0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x92816000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
  0x92DF5000 \SystemRoot\System32\drivers\vwifibus.sys
  0x92800000 \SystemRoot\system32\DRIVERS\L1E62x86.sys
  0x905DF000 \SystemRoot\system32\DRIVERS\nuvotoncir.sys
  0x90400000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x92810000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x90418000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x98201000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x9833E000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x98340000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x9834D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x98353000 \SystemRoot\System32\Drivers\ajxbl4cu.SYS
  0x9838C000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x9839E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x983AB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x983BD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x983D5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8B600000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x983E0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x90616000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8B9E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x905F3000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x983F8000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x98C0A000 \SystemRoot\system32\DRIVERS\ks.sys
  0x98C3E000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x98C4C000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x98C5A000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x98C9E000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x99A28000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x99D51000 \SystemRoot\system32\drivers\portcls.sys
  0x99D80000 \SystemRoot\system32\drivers\drmk.sys
  0x99D99000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
  0x98CAF000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
  0x99816000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
  0x998CB000 \SystemRoot\system32\drivers\modem.sys
  0x998D8000 \SystemRoot\system32\drivers\HdAudio.sys
  0x99928000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x99937000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x9994A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x99951000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9995D000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x82930000 \SystemRoot\System32\win32k.sys
  0x99968000 \SystemRoot\System32\drivers\Dxapi.sys
  0x99972000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8F800000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x9997F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x99990000 \SystemRoot\System32\Drivers\RtsUStor.sys
  0x999BD000 \SystemRoot\System32\Drivers\tcusb.sys
  0x999C8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x99DD6000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x999DF000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x82B90000 \SystemRoot\System32\TSDDD.dll
  0x82BA0000 \SystemRoot\System32\ATMFD.DLL
  0x82820000 \SystemRoot\System32\cdd.dll
  0x999EA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x99A00000 \SystemRoot\system32\drivers\luafv.sys
  0x98DB1000 \SystemRoot\system32\drivers\WudfPf.sys
  0x99800000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9E227000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9E26D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9E27D000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9E290000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x9E299000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
  0x9E2A1000 \SystemRoot\system32\drivers\HTTP.sys
  0x9E326000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9E33F000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9E351000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9E374000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9E3AF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9E3E2000 \??\C:\Windows\system32\drivers\int15.sys
  0xA4437000 \SystemRoot\system32\drivers\peauth.sys
  0xA44CE000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA44D8000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA44F9000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA4570000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA1409000 \SystemRoot\System32\DRIVERS\srv.sys
  0x76F70000 \Windows\System32\ntdll.dll
  0x47D70000 \Windows\System32\smss.exe
  0x771B0000 \Windows\System32\apisetschema.dll
  0x00290000 \Windows\System32\autochk.exe
  0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
  0x770F0000 \Windows\System32\msvcrt.dll
  0x76F10000 \Windows\System32\difxapi.dll
  0x76E40000 \Windows\System32\msctf.dll
  0x76DE0000 \Windows\System32\shlwapi.dll
  0x76CE0000 \Windows\System32\wininet.dll
  0x770E0000 \Windows\System32\nsi.dll
  0x770D0000 \Windows\System32\psapi.dll
  0x76C50000 \Windows\System32\clbcatq.dll
  0x76A50000 \Windows\System32\iertutil.dll
  0x768F0000 \Windows\System32\ole32.dll
  0x76860000 \Windows\System32\oleaut32.dll
  0x76810000 \Windows\System32\gdi32.dll
  0x76760000 \Windows\System32\rpcrt4.dll
  0x770C0000 \Windows\System32\lpk.dll
  0x76620000 \Windows\System32\urlmon.dll
  0x76550000 \Windows\System32\user32.dll
  0x763B0000 \Windows\System32\setupapi.dll
  0x76370000 \Windows\System32\ws2_32.dll
  0x76350000 \Windows\System32\sechost.dll
  0x76320000 \Windows\System32\imagehlp.dll
  0x76240000 \Windows\System32\kernel32.dll
  0x761F0000 \Windows\System32\Wldap32.dll
  0x755A0000 \Windows\System32\shell32.dll
  0x75520000 \Windows\System32\comdlg32.dll
  0x75500000 \Windows\System32\imm32.dll
  0x75460000 \Windows\System32\usp10.dll
  0x753C0000 \Windows\System32\advapi32.dll
  0x770B0000 \Windows\System32\normaliz.dll
  0x752A0000 \Windows\System32\crypt32.dll
  0x75280000 \Windows\System32\devobj.dll
  0x75250000 \Windows\System32\cfgmgr32.dll
  0x75200000 \Windows\System32\KernelBase.dll
  0x75170000 \Windows\System32\comctl32.dll
  0x75140000 \Windows\System32\wintrust.dll
  0x75130000 \Windows\System32\msasn1.dll

Processes (total 74):
       0 System Idle Process
       4 System
     296 C:\Windows\System32\smss.exe
     436 csrss.exe
     524 C:\Windows\System32\wininit.exe
     532 csrss.exe
     572 C:\Windows\System32\services.exe
     588 C:\Windows\System32\lsass.exe
     596 C:\Windows\System32\lsm.exe
     704 C:\Windows\System32\svchost.exe
     776 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     808 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     816 C:\Windows\System32\conhost.exe
     880 C:\Windows\System32\winlogon.exe
     988 C:\Windows\System32\nvvsvc.exe
    1020 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\svchost.exe
    1372 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\nvvsvc.exe
    1560 C:\Windows\System32\svchost.exe
    1628 C:\Program Files\Common Files\SPBA\upeksvr.exe
    1636 C:\Windows\System32\ZoneLabs\vsmon.exe
    1848 C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
     324 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
     360 C:\Windows\System32\spoolsv.exe
     820 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1036 C:\Windows\System32\svchost.exe
    2044 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1616 C:\Program Files\Bonjour\mDNSResponder.exe
    1732 C:\Windows\System32\svchost.exe
    1600 C:\Windows\System32\svchost.exe
    1688 C:\Program Files\Acer Bio Protection\BASVC.exe
    2088 C:\Windows\System32\svchost.exe
    2148 C:\Windows\System32\svchost.exe
    2244 C:\Windows\System32\svchost.exe
    2336 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2400 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2420 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2712 C:\Windows\System32\svchost.exe
    2968 C:\Windows\System32\svchost.exe
    3548 C:\Windows\System32\taskhost.exe
    3672 C:\Windows\System32\dwm.exe
    3772 C:\Windows\explorer.exe
    1276 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3092 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3132 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3212 C:\Windows\PLFSetI.exe
    3268 C:\Program Files\Acer Bio Protection\PdtWzd.exe
    3888 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3924 C:\Program Files\Launch Manager\QtZgAcer.EXE
    3984 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2456 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3012 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    3516 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3196 D:\Program Files\ICQ7.2\ICQ.exe
    3952 C:\Windows\System32\SearchIndexer.exe
    3328 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4492 C:\Windows\System32\svchost.exe
    4504 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    5152 dllhost.exe
    5712 C:\Windows\System32\svchost.exe
    5584 D:\Program Files\Mozilla Firefox\firefox.exe
    6116 D:\Program Files\Mozilla Firefox\plugin-container.exe
    3104 C:\Windows\System32\audiodg.exe
    2260 D:\Program Files\Mozilla Firefox\plugin-container.exe
     668 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    3452 C:\Windows\System32\SearchProtocolHost.exe
    5240 C:\Windows\System32\SearchFilterHost.exe
    5536 dllhost.exe
    3752 dllhost.exe
    4860 C:\Users\Alex\Desktop\MBRCheck.exe
    6020 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`86500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`d3100000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001d`5b100000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40C

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
Seitenanfang Seitenende
28.05.2011, 20:20
Moderator

Beiträge: 5694
#12 Schritt 1

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte
während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking
und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.


Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
• Dein Anti-Virus-Programm während des Scans deaktivieren.
• Button drücken.Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User: müssen das Installieren eines ActiveX Elements erlauben.
• Setze den einen Hacken bei Yes, i accept the Terms of Use.
• Drücke den Button.
• Warte bis die Komponenten herunter geladen wurden.
• Setze einen Haken bei "Remove found threads" und "Scan archives".• drücken.
• Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde

• Klicke Finish.• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
• Logfile hier posten.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: