
Pests of all kinds and how to combat them: Firefox opens after system start and shows advertising

22.11.2010, 22:00   #1
spakz

hello,

for a few days now, my Firefox has been showing ADVERTISING after every system restart.
I use Windows 7 Ultimate 32-bit.

Ran Avast - nothing
Ran SUPERAntiSpyware - nothing
Ran Malwarebytes - hit

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5170

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.11.2010 21:30:31
mbam-log-2010-11-22 (21-30-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147445
Laufzeit: 4 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Mustermann\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
         

The data.dat cannot be removed. After every restart the file is back. I also noticed the files Messeger.exe and Torrant.exe (no, both are spelled correctly). My ZoneAlarm once asked me whether I wanted to block the file Messeger.exe. I clicked always deny, and after that Firefox opened automatically for the first time and showed advertising.

Please help!

22.11.2010, 22:24   #2
rea
/// Helper Team

Hello spakz,

a few notes up front (please observe!):

  • Read my instructions for you carefully before you begin. Be sure to carry out all steps in order, since sometimes one point depends on another.
  • If anything is unclear to you during the cleanup, please ask in your thread before you continue.
  • Download all programs ordered here only via the respective links! If a link does not work, please let me know.
  • Do not install any further programs during the cleanup apart from those we instruct you to use for the cleanup.
  • Report for each step whether you have completed it, and whether and which problems occurred.
  • If problems arise while working through the instructions, please do not continue for now; stop and describe the problem here in the thread.
  • Redact all personal data, e.g. full names of real and private persons, from the requested log files before you post them.
  • And if a reply is going to take a while, I'd appreciate a heads-up too

I'm doing my best to find everything that doesn't belong on your system, but I have to point out that formatting and reinstalling is in most cases the fastest and safest way to get a clean system. If you would still like to clean up, the instructions follow here:

1.) System scan with OTL
Please download OTL by Oldtimer and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.




2.) Gmer - rootkit scan
What are rootkits?

Important: for every rootkit scan:
  • First deactivate, following these instructions, any CD emulators present such as Alcohol, Daemon Tools or similar.
  • All other programs against viruses, spyware, etc. should be deactivated,
  • there should be no connection to a network/the Internet (don't forget WLAN),
  • nothing should be done on the computer,
  • the computer should be restarted after every scan.
  • Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(press the Download EXE button) and save the program on the desktop.
  • All other programs should be closed.
  • Start gmer.exe (has a random program name).
  • Vista users: right-click and start as administrator.
  • Gmer automatically starts a first scan.
  • If a window with the following warning opens:
    Code:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?

  • Be sure to click "No",
    in that case save the result so far via the Save button on the desktop as gmer_first.log.
  • If that was not the case, now select the "Rootkit/Malware" tab,
  • Tick: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
  • Important: "Show all" must not be ticked!
  • Start the scan by pressing the "Scan" button.
    Do nothing on the computer while the scan is running (what is currently being scanned is shown at the bottom left).
  • When the scan is finished, the line stays empty.
    Click "Save" and save the log file as gmer.log on the desktop.
    "Ok" closes GMER.
Switch the antivirus program and other scanners back on before you go online!

Now post the log file in code tags.

22.11.2010, 23:09   #3
spakz

Many thanks for the speedy reply. I won't get around to working through your instructions before Wednesday.

Regards

23.11.2010, 06:19   #4
rea
/// Helper Team

Okay, thanks for the heads-up, and see you then
__________________
Best regards, rea

25.11.2010, 20:23   #5
spakz

double post...
...no idea how I can delete it

Edited by spakz (25.11.2010 at 20:28)

25.11.2010, 20:24   #6
spakz

OTL

Code:
OTL logfile created on: 25.11.2010 19:28:52 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\xxx\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 216,78 Gb Free Space | 72,75% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1627,74 Gb Free Space | 87,37% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.25 19:27:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2010.10.29 15:18:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.10.16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.09.07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.06.23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010.06.23 12:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.05.02 16:29:34 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Program Files\nHancer\nHancerService.exe
PRC - [2010.03.26 17:02:56 | 008,546,848 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2009.10.14 14:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009.04.23 14:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008.02.28 10:58:42 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008.02.28 10:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2008.02.19 08:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
PRC - [2007.03.13 14:33:56 | 000,196,608 | ---- | M] () -- C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.25 19:27:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.10.14 14:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.06.10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009.06.10 22:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll
MOD - [2007.03.13 14:01:44 | 000,032,768 | ---- | M] () -- C:\Windows\System32\Amhooker.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- E:\Games Sammlung\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010.11.18 17:01:00 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.09.29 09:57:46 | 000,616,448 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.08.13 08:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.06.23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.05.02 16:29:34 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009.10.14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008.02.19 08:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\xxxf\Desktop\vfd21-080206\vfd.sys -- (VirtualFD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\xxx\AppData\Local\Temp\adxapie.sys -- (adxapie)
DRV - [2010.10.22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.10.11 13:04:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.11 13:04:42 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.09.07 21:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.09.07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.09.07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.05.15 15:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.04.05 11:47:50 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.26 17:24:58 | 003,048,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.03.10 15:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.10.20 10:27:02 | 000,144,896 | ---- | M] (GMX GmbH) [File_System | System | Running] -- C:\Windows\System32\drivers\uigxrdr.SYS -- (uigxrdr)
DRV - [2009.10.14 14:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.03.01 22:05:32 | 000,139,776 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009.02.13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.19 04:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007.01.24 18:56:56 | 000,008,704 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\System32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2007.01.19 11:35:06 | 000,013,824 | ---- | M] ((Standard mouse types)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2005.12.20 18:23:00 | 000,023,872 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys -- (FXDrv32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 D7 F4 51 C6 88 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.11.14 12:10:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.29 15:18:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.29 15:18:45 | 000,000,000 | ---D | M]
 
[2010.04.02 15:52:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2010.11.22 19:09:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions
[2010.06.07 18:47:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.05.28 16:49:16 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010.08.27 15:18:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.10.17 11:06:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions\nasanightlaunch@example.com
[2010.05.28 16:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\kxtlstpc.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010.04.05 11:48:05 | 000,002,059 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\kxtlstpc.default\searchplugins\daemon-search.xml
[2010.11.21 12:34:14 | 000,001,056 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\kxtlstpc.default\searchplugins\icqplugin.xml
[2010.04.05 12:12:06 | 000,004,140 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\FireFox\Profiles\kxtlstpc.default\searchplugins\youtube.xml
[2010.11.22 19:09:22 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.11.01 13:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.14 17:10:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 16:52:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.30 19:41:29 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.09.27 12:26:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.27 12:26:14 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.27 12:26:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.27 12:26:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.27 12:26:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.23 17:25:00 | 000,000,934 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [msconfig.exe] C:\Users\xxx\AppData\Roaming\Microsoft\System\Services\msconfig.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{32356822-3e76-11df-81c3-001c253bb8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{32356822-3e76-11df-81c3-001c253bb8b4}\Shell\AutoRun\command - "" = H:\INSTALLER.EXE -- File not found
O33 - MountPoints2\{3faef1b9-ac6b-11df-819c-001c253bb8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{3faef1b9-ac6b-11df-819c-001c253bb8b4}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{3faef1dc-ac6b-11df-819c-001c253bb8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{3faef1dc-ac6b-11df-819c-001c253bb8b4}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{7c072442-76f5-11df-82ab-001c253bb8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{7c072442-76f5-11df-82ab-001c253bb8b4}\Shell\AutoRun\command - "" = F:\LxSetup.exe -- File not found
O33 - MountPoints2\{8594e23f-f323-11df-b2f3-001c253bb8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{8594e23f-f323-11df-b2f3-001c253bb8b4}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{a2b7ef7d-91ba-11df-b7cd-001c253bb8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{a2b7ef7d-91ba-11df-b7cd-001c253bb8b4}\Shell\AutoRun\command - "" = F:\Welcome.exe -- File not found
O33 - MountPoints2\{d13da850-40a0-11df-92cc-001c253bb8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{d13da850-40a0-11df-92cc-001c253bb8b4}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{fa653584-e98f-11df-8c18-001c253bb8b4}\Shell\AutoRun\command - "" = E:\fscommand\LS_Start_Launch.cmd -- File not found
O33 - MountPoints2\{fa653584-e98f-11df-8c18-001c253bb8b4}\Shell\Launcher\command - "" = E:\fscommand\LS_Start_Launch.cmd -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.25 19:27:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2010.11.22 20:16:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TweakNow RegCleaner
[2010.11.22 20:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2010.11.22 20:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2010.11.21 13:32:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.11.18 18:46:49 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.11.18 18:46:49 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.11.18 18:46:49 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.11.18 18:46:49 | 010,023,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.11.18 18:46:49 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.11.18 18:46:49 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.11.18 18:46:49 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.11.18 18:46:49 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322050.dll
[2010.11.18 18:46:49 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322030.dll
[2010.11.18 18:46:49 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2010.11.18 18:46:49 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.11.18 18:46:49 | 000,123,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2010.11.18 18:46:49 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.11.18 18:46:49 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2010.11.18 18:46:49 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.11.16 12:25:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\vlc
[2010.11.14 17:43:54 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.11.14 17:43:54 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.11.14 17:43:53 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.11.14 17:43:53 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.11.14 17:43:53 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.11.14 17:43:53 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.11.14 17:43:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.11.14 17:43:53 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.11.14 17:43:53 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.11.14 17:43:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.11.14 17:43:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.11.14 17:43:52 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.11.14 17:43:52 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.11.14 17:43:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.11.14 17:43:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.11.14 17:43:50 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.11.14 17:43:50 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.11.14 17:43:49 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.11.14 17:43:49 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.11.14 17:43:48 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.11.14 17:43:46 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.11.14 17:43:46 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.11.14 17:43:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.11.14 17:43:46 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.11.14 17:43:46 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.11.14 17:43:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.11.14 17:43:46 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.11.08 14:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.11.08 14:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010.11.08 14:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010.11.07 13:25:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\FalloutNV
[2010.11.06 17:04:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\HitachiGST
[2010.11.06 16:38:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Cooliris
[2010.11.06 16:37:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\LifeStudio
[2010.11.06 16:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitachi GST
[2010.11.06 15:40:17 | 000,000,000 | ---D | C] -- C:\temp
[2010.11.06 14:03:05 | 000,000,000 | ---D | C] -- C:\directory
[2010.11.06 12:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2010.11.06 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2010.11.06 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Sports Interactive
[2010.11.06 12:57:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Sports Interactive
[2010.11.06 12:57:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Sports Interactive
[2010.11.06 12:56:13 | 000,000,000 | ---D | C] -- C:\Windows\IswTmp
[2010.11.06 12:56:02 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010.11.06 12:56:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010.11.06 12:56:01 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010.11.06 12:56:00 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.11.06 12:56:00 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010.11.06 12:56:00 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.11.06 12:56:00 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010.11.06 12:56:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010.11.06 12:55:59 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.11.06 12:55:58 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010.11.06 12:55:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010.11.06 12:55:57 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010.11.06 12:55:57 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010.11.06 12:55:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010.11.06 12:55:57 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010.11.06 12:55:56 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010.11.06 12:55:56 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010.11.06 12:55:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010.11.06 12:55:55 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010.11.06 12:55:54 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010.11.06 12:55:54 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010.11.06 12:55:54 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010.11.06 12:55:54 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010.11.06 12:55:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010.11.06 12:55:54 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010.11.06 12:55:53 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010.11.06 12:55:53 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010.11.06 12:55:53 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010.11.06 12:55:52 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010.11.06 12:55:52 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010.11.06 12:55:51 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.11.06 12:55:51 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.11.06 12:55:51 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.11.06 12:55:51 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.11.06 12:55:50 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010.11.06 12:55:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.11.06 12:55:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.11.06 12:55:48 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.11.06 12:55:48 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.11.06 12:55:48 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.11.06 12:55:48 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.11.06 12:55:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.11.06 12:55:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.11.06 12:55:47 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.11.06 12:55:47 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.11.06 12:55:47 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.11.06 12:55:46 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.11.06 12:55:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.11.06 12:55:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.11.06 12:55:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.11.06 12:55:45 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.11.06 12:55:45 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.11.06 12:55:44 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.11.06 12:55:44 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.11.06 12:55:44 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.11.06 12:55:36 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.11.06 12:55:36 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.11.06 12:55:36 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.11.06 12:55:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.11.06 12:55:35 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.11.06 12:55:35 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.11.06 12:55:34 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.11.06 12:55:33 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.11.06 12:55:32 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.11.06 12:53:44 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2010.11.06 12:52:05 | 000,000,000 | -H-D | C] -- C:\Users\xxx\InstallAnywhere
[2010.11.03 18:55:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\AliensVsPredator
[2010.10.30 17:16:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\ICQ
[2010.10.30 16:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.10.30 16:22:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\AOL
[2010.10.30 15:28:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\skypePM
[2010.10.30 15:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.10.30 15:25:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.10.30 15:25:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Skype
[2010.10.30 15:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.10.29 15:19:25 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.10.29 15:19:25 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.10.29 15:19:25 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.10.29 15:19:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.10.29 15:19:24 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.06.29 20:43:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2010.06.29 20:43:29 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2010.06.29 20:43:29 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2010.06.29 20:43:29 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2010.06.29 20:43:29 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2010.06.29 20:43:29 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2010.06.29 20:43:29 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2010.06.29 20:43:29 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2010.06.29 20:43:29 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2010.06.29 20:43:29 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2010.06.29 20:43:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2010.06.29 20:43:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2009.07.13 21:46:42 | 001,169,224 | -H-- | C] (Microsoft Corporation) -- C:\Users\xxx\AppData\Roaming\bot.exe
[2009.07.13 21:46:42 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\xxx\AppData\Roaming\Torrant.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.25 19:27:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2010.11.25 19:26:47 | 000,049,288 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\data.dat
[2010.11.25 19:25:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.25 19:25:06 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.24 18:30:20 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.24 18:30:20 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.24 18:29:29 | 000,697,472 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.24 18:29:29 | 000,654,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.24 18:29:29 | 000,148,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.24 18:29:29 | 000,121,226 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.22 20:16:20 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk
[2010.11.22 20:07:21 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2010.11.21 03:50:56 | 000,848,182 | -H-- | M] () -- C:\Users\xxx\AppData\Roaming\xxxlog.dat
[2010.11.21 00:33:46 | 001,523,704 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Messeger.exe
[2010.11.20 12:58:29 | 000,001,130 | ---- | M] () -- C:\Users\xxx\Desktop\black ops config.lnk
[2010.11.20 12:56:43 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark X1100 Series All-In-One Center.lnk
[2010.11.20 12:56:41 | 000,000,266 | ---- | M] () -- C:\Windows\Lexstat.ini
[2010.11.16 19:24:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.11.08 14:34:11 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.11.07 17:29:12 | 000,001,105 | ---- | M] () -- C:\Users\xxx\Desktop\Fallout.lnk
[2010.11.06 14:03:44 | 000,063,105 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\xxx3SQLite3.dll
[2010.11.01 16:32:55 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.10.30 15:28:54 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.22 21:33:50 | 000,049,288 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\data.dat
[2010.11.22 20:16:20 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk
[2010.11.22 20:07:21 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2010.11.21 00:34:06 | 001,523,704 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Messeger.exe
[2010.11.20 12:58:31 | 000,001,130 | ---- | C] () -- C:\Users\xxx\Desktop\black ops config.lnk
[2010.11.16 19:24:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.11.08 14:34:11 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.11.07 17:29:14 | 000,001,105 | ---- | C] () -- C:\Users\xxx\Desktop\Fallout.lnk
[2010.11.06 14:03:44 | 000,063,105 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\xxx3SQLite3.dll
[2010.10.30 15:28:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.24 19:57:04 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.08.24 19:57:03 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.08.20 17:25:21 | 000,000,145 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.07.24 16:08:50 | 000,374,272 | ---- | C] () -- C:\Windows\System32\mss32.dll
[2010.07.18 15:36:48 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2010.07.18 15:22:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Core Data Application
[2010.07.18 15:22:59 | 000,000,268 | RH-- | C] () -- C:\Users\xxx\AppData\Roaming\Configure Folder Actions
[2010.07.18 15:22:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.07.18 15:22:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices
[2010.07.18 15:18:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Contents
[2010.07.18 15:18:29 | 000,000,268 | RH-- | C] () -- C:\Users\xxx\AppData\Roaming\Compressor
[2010.07.18 15:18:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.07.18 15:18:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Database
[2010.06.29 20:44:01 | 000,000,266 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010.06.29 20:43:29 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2010.06.29 20:43:29 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2010.06.24 15:55:23 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.06.24 15:54:34 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.05.01 11:34:15 | 000,022,016 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.10 11:41:03 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd
[2010.04.10 10:51:19 | 000,000,017 | ---- | C] () -- C:\Users\xxx\AppData\Local\resmon.resmoncfg
[2010.04.05 11:47:50 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.04.02 18:52:47 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.02 16:19:26 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Amhooker.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.08 14:25:44 | 000,364,544 | ---- | C] () -- C:\Windows\System32\BH_DATA120VC8.dll
[2009.04.08 06:17:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2009.02.02 19:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2009.02.02 19:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.02.02 19:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.02.02 19:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2007.02.07 16:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007.01.22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2006.05.12 04:34:42 | 000,848,182 | -H-- | C] () -- C:\Users\xxx\AppData\Roaming\xxxlog.dat
[2006.04.21 09:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2005.10.05 11:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005.09.13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005.09.13 15:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.06.24 15:57:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Atari
[2010.04.02 16:05:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CheckPoint
[2010.05.27 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Command and Conquer 4
[2010.04.02 17:42:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
[2010.07.12 17:56:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2010.07.12 20:39:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2010.06.30 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Foxit Software
[2010.04.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GMX
[2010.05.23 22:19:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GrabPro
[2010.11.06 17:04:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HitachiGST
[2010.11.21 13:07:29 | 000,000,000 | RHSD | M] -- C:\Users\xxx\AppData\Roaming\install
[2010.04.15 18:13:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\JAlbum
[2010.08.20 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Jumping Bytes
[2010.06.13 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2010.10.22 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\nHancer
[2010.07.28 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nikon
[2010.11.08 14:26:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nokia
[2010.05.23 22:35:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Orbit
[2010.05.01 11:36:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC Suite
[2010.11.06 12:57:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Sports Interactive
[2010.11.22 20:16:19 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TweakNow RegCleaner
[2010.04.05 12:19:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft
[2010.07.24 16:04:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Uniblue
[2010.11.06 16:44:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Western Digital
[2010.08.20 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Western DigitalTemp
[2010.07.23 15:38:15 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

OTL Extras

Code:
OTL Extras logfile created on: 25.11.2010 19:28:52 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\xxx\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 216,78 Gb Free Space | 72,75% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1627,74 Gb Free Space | 87,37% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\xxx\AppData\Roaming\Torrant.exe" = C:\Users\xxx\AppData\Roaming\Torrant.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\xxx\AppData\Roaming\bot.exe" = C:\Users\xxx\AppData\Roaming\bot.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{19B822A6-372A-43E2-9230-0AFA4EC84F8C}" = Lexware buchhalter 2009
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225C12AE-BB37-4EE3-8935-583E2F0E6644}" = Lexware reisekosten 2009
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2FA2CDE4-ABE2-461D-A2FF-33EA4A3BBB49}" = TAXMAN 2010 spezial
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44046312-696F-4E29-82C8-3F29F81DD11F}" = Lexware Elster
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57456DD2-4CDD-4245-A5E6-D865CD8E0238}" = Lexware reisekosten 2009
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{650E2ABD-270A-499C-BA9F-09180DDDDA16}" = Nokia Software Updater
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D66915F-05FF-4F59-B2D3-AA2E58506F72}" = nHancer
"{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}" = FOX LiveUpdate
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3DBED25-09EE-45FE-BE53-4B07B0CBA0FC}" = PC Connectivity Solution
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F6DBB315-6C0F-4BCD-8C09-24016401E438}" = PureSync
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.12 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"BootDisk2BootStick" = BootDisk2BootStick 0.10
"ElsterFormular 11.5.0.4546" = ElsterFormular
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Foxit Reader" = Foxit Reader
"GMX Upload-Manager" = GMX Upload-Manager
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MKVtoolnix" = MKVtoolnix 2.4.1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"nHancer" = nHancer
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PureSync" = PureSync 2.6.11
"QuickPar" = QuickPar 0.9
"Steam App 18800" = Zero Gear Demo
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"VLC media player" = VLC media player 1.1.4
"WheelMouse" = Trust GM-4600 Gamer Mouse
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.7
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.7
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:53 on 25/11/2010 (xxx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         

25.11.2010, 20:29   #7
spakz

After system start, Firefox opens and shows ads



gmer

Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-25 20:10:44
Windows 6.1.7600  Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322HJ rev.1AC01110
Running: yq5nekqp.exe; Driver: C:\Users\HANSDA~1\AppData\Local\Temp\pwlyafog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwAlpcConnectPort [0x8DF1BBBA]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwAlpcCreatePort [0x8DF1C48A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwConnectPort [0x8DF1B610]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwCreateFile [0x8DF14E42]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwCreateKey [0x8DF36760]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwCreatePort [0x8DF1C11A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwCreateWaitablePort [0x8DF1C278]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwDeleteFile [0x8DF15B7E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwDeleteKey [0x8DF38212]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwDeleteValueKey [0x8DF37B06]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwLoadKey [0x8DF38BE0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwLoadKey2 [0x8DF38E1E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwLoadKeyEx [0x8DF392D0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwOpenFile [0x8DF15730]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwRenameKey [0x8DF39CB8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwReplaceKey [0x8DF3959A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwRequestWaitReplyPort [0x8DF1B1A4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwRestoreKey [0x8DF3A71E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwSetInformationFile [0x8DF15F8A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwSetSecurityObject [0x8DF3A242]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)                      ZwSetValueKey [0x8DF37226]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ZwLoadDriver [0x8E707B0C]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                     83298599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                              832BCF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 248                                                                                                 832C4758 8 Bytes  [BA, BB, F1, 8D, 8A, C4, F1, ...]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2DC                                                                                                 832C47EC 4 Bytes  [10, B6, F1, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2F8                                                                                                 832C4808 4 Bytes  [42, 4E, F1, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 308                                                                                                 832C4818 4 Bytes  [60, 67, F3, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 324                                                                                                 832C4834 4 Bytes  [1A, C1, F1, 8D]
.text           ...                                                                                                                                 
PAGE            ntkrnlpa.exe!ZwLoadDriver                                                                                                           833F6291 7 Bytes  JMP 8E707B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                  8345DFBF 5 Bytes  JMP 8E7035D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                                    83477CF3 5 Bytes  JMP 8E705012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                              section is writeable [0xA2E98300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                              section is writeable [0xA2EDB300, 0x1BEE, 0xE8000020]
.text           advapi32.dll!SetThreadToken                                                                                                         77AACA9F 5 Bytes  JMP 20C28FAE 
.text           advapi32.dll!ImpersonateNamedPipeClient                                                                                             77AE2331 5 Bytes  JMP 20C28DD5 
.text           user32.dll!FindWindowA                                                                                                              776EA818 5 Bytes  JMP 20C28207 
.text           user32.dll!FindWindowW                                                                                                              776ECF04 5 Bytes  JMP 20C281D2 
.text           kernel32.dll!OpenProcess                                                                                                            761A73E4 5 Bytes  JMP 20C283E4 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ntdll.dll!NtAccessCheckByType                                               77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ntdll.dll!NtAlpcImpersonateClientOfPort                                     77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ntdll.dll!NtImpersonateClientOfPort                                         77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ntdll.dll!NtSetInformationProcess                                           77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] kernel32.dll!OpenProcess                                                    761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] USER32.dll!FindWindowA                                                      776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] USER32.dll!FindWindowW                                                      776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ADVAPI32.dll!SetThreadToken                                                 77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] ADVAPI32.dll!ImpersonateNamedPipeClient                                     77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[496] ntdll.dll!NtAccessCheckByType                                                                  77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[496] ntdll.dll!NtAlpcImpersonateClientOfPort                                                        77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[496] ntdll.dll!NtImpersonateClientOfPort                                                            77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[496] ntdll.dll!NtSetInformationProcess                                                              77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[496] kernel32.dll!OpenProcess                                                                       761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[496] USER32.dll!FindWindowA                                                                         776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[496] USER32.dll!FindWindowW                                                                         776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[496] ADVAPI32.dll!SetThreadToken                                                                    77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wininit.exe[496] ADVAPI32.dll!ImpersonateNamedPipeClient                                                        77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[596] ntdll.dll!NtAccessCheckByType                                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[596] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[596] ntdll.dll!NtImpersonateClientOfPort                                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[596] ntdll.dll!NtSetInformationProcess                                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[596] kernel32.dll!OpenProcess                                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[596] USER32.dll!FindWindowA                                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[596] USER32.dll!FindWindowW                                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[596] ADVAPI32.dll!SetThreadToken                                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\services.exe[596] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[604] ntdll.dll!NtAccessCheckByType                                                                    77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[604] ntdll.dll!NtAlpcImpersonateClientOfPort                                                          77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[604] ntdll.dll!NtImpersonateClientOfPort                                                              77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[604] ntdll.dll!NtSetInformationProcess                                                                77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!SetThreadToken                                                                      77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[604] ADVAPI32.dll!ImpersonateNamedPipeClient                                                          77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[604] USER32.dll!FindWindowA                                                                           776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsass.exe[604] USER32.dll!FindWindowW                                                                           776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[612] ntdll.dll!NtAccessCheckByType                                                                      77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[612] ntdll.dll!NtAlpcImpersonateClientOfPort                                                            77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[612] ntdll.dll!NtImpersonateClientOfPort                                                                77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[612] ntdll.dll!NtSetInformationProcess                                                                  77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[612] kernel32.dll!OpenProcess                                                                           761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[612] ADVAPI32.dll!SetThreadToken                                                                        77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[612] ADVAPI32.dll!ImpersonateNamedPipeClient                                                            77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[612] USER32.dll!FindWindowA                                                                             776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lsm.exe[612] USER32.dll!FindWindowW                                                                             776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[712] ntdll.dll!NtAccessCheckByType                                                                  77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[712] ntdll.dll!NtAlpcImpersonateClientOfPort                                                        77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[712] ntdll.dll!NtImpersonateClientOfPort                                                            77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[712] ntdll.dll!NtSetInformationProcess                                                              77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[712] kernel32.dll!OpenProcess                                                                       761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[712] USER32.dll!FindWindowA                                                                         776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[712] USER32.dll!FindWindowW                                                                         776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[712] ADVAPI32.dll!SetThreadToken                                                                    77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[712] ADVAPI32.dll!ImpersonateNamedPipeClient                                                        77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!NtAccessCheckByType                                                                   77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!NtAlpcImpersonateClientOfPort                                                         77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!NtImpersonateClientOfPort                                                             77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\nvvsvc.exe[792] ntdll.dll!NtSetInformationProcess                                                               77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\nvvsvc.exe[792] kernel32.dll!OpenProcess                                                                        761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\nvvsvc.exe[792] USER32.dll!FindWindowA                                                                          776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\nvvsvc.exe[792] USER32.dll!FindWindowW                                                                          776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\nvvsvc.exe[792] ADVAPI32.dll!SetThreadToken                                                                     77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\nvvsvc.exe[792] ADVAPI32.dll!ImpersonateNamedPipeClient                                                         77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[832] ntdll.dll!NtAccessCheckByType                                                                  77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[832] ntdll.dll!NtAlpcImpersonateClientOfPort                                                        77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[832] ntdll.dll!NtImpersonateClientOfPort                                                            77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[832] ntdll.dll!NtSetInformationProcess                                                              77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[832] kernel32.dll!OpenProcess                                                                       761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!SetThreadToken                                                                    77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!ImpersonateNamedPipeClient                                                        77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[832] user32.dll!FindWindowA                                                                         776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[832] user32.dll!FindWindowW                                                                         776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[928] ntdll.dll!NtAccessCheckByType                                                                  77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[928] ntdll.dll!NtAlpcImpersonateClientOfPort                                                        77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[928] ntdll.dll!NtImpersonateClientOfPort                                                            77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[928] ntdll.dll!NtSetInformationProcess                                                              77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[928] kernel32.dll!OpenProcess                                                                       761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[928] USER32.dll!FindWindowA                                                                         776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[928] USER32.dll!FindWindowW                                                                         776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!SetThreadToken                                                                    77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!ImpersonateNamedPipeClient                                                        77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[960] ntdll.dll!NtAccessCheckByType                                                                  77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[960] ntdll.dll!NtAlpcImpersonateClientOfPort                                                        77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[960] ntdll.dll!NtImpersonateClientOfPort                                                            77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[960] ntdll.dll!NtSetInformationProcess                                                              77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[960] kernel32.dll!OpenProcess                                                                       761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[960] USER32.dll!FindWindowA                                                                         776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[960] USER32.dll!FindWindowW                                                                         776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!SetThreadToken                                                                    77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!ImpersonateNamedPipeClient                                                        77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[984] ntdll.dll!NtAccessCheckByType                                                                  77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[984] ntdll.dll!NtAlpcImpersonateClientOfPort                                                        77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[984] ntdll.dll!NtImpersonateClientOfPort                                                            77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[984] ntdll.dll!NtSetInformationProcess                                                              77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!OpenProcess                                                                       761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[984] USER32.dll!FindWindowA                                                                         776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[984] USER32.dll!FindWindowW                                                                         776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[984] ADVAPI32.dll!SetThreadToken                                                                    77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[984] ADVAPI32.dll!ImpersonateNamedPipeClient                                                        77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[1032] ntdll.dll!NtAccessCheckByType                                                    77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[1032] ntdll.dll!NtAlpcImpersonateClientOfPort                                          77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[1032] ntdll.dll!NtImpersonateClientOfPort                                              77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[1032] ntdll.dll!NtSetInformationProcess                                                77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[1032] kernel32.dll!OpenProcess                                                         761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[1032] ADVAPI32.dll!SetThreadToken                                                      77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[1032] ADVAPI32.dll!ImpersonateNamedPipeClient                                          77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[1032] USER32.dll!FindWindowA                                                           776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[1032] USER32.dll!FindWindowW                                                           776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ntdll.dll!NtAccessCheckByType                                                         77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ntdll.dll!NtAlpcImpersonateClientOfPort                                               77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ntdll.dll!NtImpersonateClientOfPort                                                   77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ntdll.dll!NtSetInformationProcess                                                     77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\xxx\Desktop\yq5nekqp.exe[1064] kernel32.dll!OpenProcess                                                              761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\xxx\Desktop\yq5nekqp.exe[1064] USER32.dll!FindWindowA                                                                776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\xxx\Desktop\yq5nekqp.exe[1064] USER32.dll!FindWindowW                                                                776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ADVAPI32.dll!SetThreadToken                                                           77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Users\xxx\Desktop\yq5nekqp.exe[1064] ADVAPI32.dll!ImpersonateNamedPipeClient                                               77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtAccessCheckByType                                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtImpersonateClientOfPort                                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtSetInformationProcess                                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1148] kernel32.dll!OpenProcess                                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1148] USER32.dll!FindWindowA                                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1148] USER32.dll!FindWindowW                                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!SetThreadToken                                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1148] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ntdll.dll!NtAccessCheckByType                                         77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ntdll.dll!NtAlpcImpersonateClientOfPort                               77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ntdll.dll!NtImpersonateClientOfPort                                   77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ntdll.dll!NtSetInformationProcess                                     77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] kernel32.dll!OpenProcess                                              761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ADVAPI32.dll!SetThreadToken                                           77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] ADVAPI32.dll!ImpersonateNamedPipeClient                               77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] USER32.dll!FindWindowA                                                776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] USER32.dll!FindWindowW                                                776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtAccessCheckByType                                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtImpersonateClientOfPort                                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1252] ntdll.dll!NtSetInformationProcess                                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1252] kernel32.dll!OpenProcess                                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1252] USER32.dll!FindWindowA                                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1252] USER32.dll!FindWindowW                                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!SetThreadToken                                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[1252] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ntdll.dll!NtAccessCheckByType                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ntdll.dll!NtAlpcImpersonateClientOfPort                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ntdll.dll!NtImpersonateClientOfPort                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ntdll.dll!NtSetInformationProcess                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] kernel32.dll!OpenProcess                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ADVAPI32.dll!SetThreadToken                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] ADVAPI32.dll!ImpersonateNamedPipeClient                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] USER32.dll!FindWindowA                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] USER32.dll!FindWindowW                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[1584] ntdll.dll!NtAccessCheckByType                                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[1584] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[1584] ntdll.dll!NtImpersonateClientOfPort                                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[1584] ntdll.dll!NtSetInformationProcess                                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[1584] kernel32.dll!OpenProcess                                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[1584] USER32.dll!FindWindowA                                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[1584] USER32.dll!FindWindowW                                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[1584] ADVAPI32.dll!SetThreadToken                                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wuauclt.exe[1584] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ntdll.dll!NtAccessCheckByType                                              77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ntdll.dll!NtAlpcImpersonateClientOfPort                                    77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ntdll.dll!NtImpersonateClientOfPort                                        77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ntdll.dll!NtSetInformationProcess                                          77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] kernel32.dll!OpenProcess                                                   761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] USER32.dll!FindWindowA                                                     776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] USER32.dll!FindWindowW                                                     776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ADVAPI32.dll!SetThreadToken                                                77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] ADVAPI32.dll!ImpersonateNamedPipeClient                                    77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1864] kernel32.dll!SetUnhandledExceptionFilter                                  761B3162 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ntdll.dll!NtAccessCheckByType                                              77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ntdll.dll!NtAlpcImpersonateClientOfPort                                    77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ntdll.dll!NtImpersonateClientOfPort                                        77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ntdll.dll!NtSetInformationProcess                                          77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] kernel32.dll!OpenProcess                                                   761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] USER32.dll!FindWindowA                                                     776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] USER32.dll!FindWindowW                                                     776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ADVAPI32.dll!SetThreadToken                                                77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] ADVAPI32.dll!ImpersonateNamedPipeClient                                    77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!NtAccessCheckByType                                      77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!NtAlpcImpersonateClientOfPort                            77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!NtImpersonateClientOfPort                                77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ntdll.dll!NtSetInformationProcess                                  77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] kernel32.dll!OpenProcess                                           761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!SetThreadToken                                        77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] ADVAPI32.dll!ImpersonateNamedPipeClient                            77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!FindWindowA                                             776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] USER32.dll!FindWindowW                                             776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1912] kernel32.dll!OpenProcess                                                  761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1912] USER32.dll!GetWindowMinimizeRect + 377                                    776EBFE9 5 Bytes  JMP 20C291E8 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\ctfmon.exe[2088] ntdll.dll!NtAccessCheckByType                                                                  77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\ctfmon.exe[2088] ntdll.dll!NtAlpcImpersonateClientOfPort                                                        77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\ctfmon.exe[2088] ntdll.dll!NtImpersonateClientOfPort                                                            77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\ctfmon.exe[2088] ntdll.dll!NtSetInformationProcess                                                              77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\ctfmon.exe[2088] kernel32.dll!OpenProcess                                                                       761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\ctfmon.exe[2088] USER32.dll!FindWindowA                                                                         776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\ctfmon.exe[2088] USER32.dll!FindWindowW                                                                         776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\ctfmon.exe[2088] ADVAPI32.dll!SetThreadToken                                                                    77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\ctfmon.exe[2088] ADVAPI32.dll!ImpersonateNamedPipeClient                                                        77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[2672] ntdll.dll!NtAccessCheckByType                                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[2672] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[2672] ntdll.dll!NtImpersonateClientOfPort                                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[2672] ntdll.dll!NtSetInformationProcess                                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[2672] kernel32.dll!OpenProcess                                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[2672] USER32.dll!FindWindowA                                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[2672] USER32.dll!FindWindowW                                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[2672] ADVAPI32.dll!SetThreadToken                                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\spoolsv.exe[2672] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2704] ntdll.dll!NtAccessCheckByType                                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2704] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2704] ntdll.dll!NtImpersonateClientOfPort                                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2704] ntdll.dll!NtSetInformationProcess                                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2704] kernel32.dll!OpenProcess                                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2704] USER32.dll!FindWindowA                                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2704] USER32.dll!FindWindowW                                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2704] ADVAPI32.dll!SetThreadToken                                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[2704] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskhost.exe[2840] ntdll.dll!NtAccessCheckByType                                                                77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskhost.exe[2840] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskhost.exe[2840] ntdll.dll!NtImpersonateClientOfPort                                                          77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskhost.exe[2840] ntdll.dll!NtSetInformationProcess                                                            77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskhost.exe[2840] kernel32.dll!OpenProcess                                                                     761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskhost.exe[2840] USER32.dll!FindWindowA                                                                       776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskhost.exe[2840] USER32.dll!FindWindowW                                                                       776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskhost.exe[2840] ADVAPI32.dll!SetThreadToken                                                                  77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\taskhost.exe[2840] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lxbkcoms.exe[2940] ntdll.dll!NtAccessCheckByType                                                                77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lxbkcoms.exe[2940] ntdll.dll!NtAlpcImpersonateClientOfPort                                                      77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lxbkcoms.exe[2940] ntdll.dll!NtImpersonateClientOfPort                                                          77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lxbkcoms.exe[2940] ntdll.dll!NtSetInformationProcess                                                            77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lxbkcoms.exe[2940] kernel32.dll!OpenProcess                                                                     761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lxbkcoms.exe[2940] USER32.dll!FindWindowA                                                                       776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lxbkcoms.exe[2940] USER32.dll!FindWindowW                                                                       776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lxbkcoms.exe[2940] ADVAPI32.dll!SetThreadToken                                                                  77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\lxbkcoms.exe[2940] ADVAPI32.dll!ImpersonateNamedPipeClient                                                      77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ntdll.dll!NtAccessCheckByType                                   77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ntdll.dll!NtAlpcImpersonateClientOfPort                         77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ntdll.dll!NtImpersonateClientOfPort                             77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ntdll.dll!NtSetInformationProcess                               77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] kernel32.dll!OpenProcess                                        761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ADVAPI32.dll!SetThreadToken                                     77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] ADVAPI32.dll!ImpersonateNamedPipeClient                         77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] USER32.dll!FindWindowA                                          776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] USER32.dll!FindWindowW                                          776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3152] ntdll.dll!NtAccessCheckByType                                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3152] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3152] ntdll.dll!NtImpersonateClientOfPort                                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3152] ntdll.dll!NtSetInformationProcess                                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3152] kernel32.dll!OpenProcess                                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3152] USER32.dll!FindWindowA                                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3152] USER32.dll!FindWindowW                                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3152] ADVAPI32.dll!SetThreadToken                                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3152] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtAccessCheckByType                                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtImpersonateClientOfPort                                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3588] ntdll.dll!NtSetInformationProcess                                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!OpenProcess                                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3588] USER32.dll!FindWindowA                                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3588] USER32.dll!FindWindowW                                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!SetThreadToken                                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3644] ntdll.dll!NtAccessCheckByType                                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3644] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3644] ntdll.dll!NtImpersonateClientOfPort                                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3644] ntdll.dll!NtSetInformationProcess                                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3644] kernel32.dll!OpenProcess                                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3644] USER32.dll!FindWindowA                                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3644] USER32.dll!FindWindowW                                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3644] ADVAPI32.dll!SetThreadToken                                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\svchost.exe[3644] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3852] ntdll.dll!NtAccessCheckByType                                                           77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3852] ntdll.dll!NtAlpcImpersonateClientOfPort                                                 77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3852] ntdll.dll!NtImpersonateClientOfPort                                                     77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3852] ntdll.dll!NtSetInformationProcess                                                       77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3852] kernel32.dll!OpenProcess                                                                761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3852] ADVAPI32.dll!SetThreadToken                                                             77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3852] ADVAPI32.dll!ImpersonateNamedPipeClient                                                 77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3852] USER32.dll!FindWindowA                                                                  776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3852] USER32.dll!FindWindowW                                                                  776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[3892] ntdll.dll!NtAccessCheckByType                                                                 77B84640 5 Bytes  JMP 20C28709 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[3892] ntdll.dll!NtAlpcImpersonateClientOfPort                                                       77B84820 5 Bytes  JMP 20C28D51 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[3892] ntdll.dll!NtImpersonateClientOfPort                                                           77B84F30 5 Bytes  JMP 20C28CD0 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[3892] ntdll.dll!NtSetInformationProcess                                                             77B85AE0 5 Bytes  JMP 20C28923 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[3892] kernel32.dll!OpenProcess                                                                      761A73E4 5 Bytes  JMP 20C283E4 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[3892] USER32.dll!FindWindowA                                                                        776EA818 5 Bytes  JMP 20C28207 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[3892] USER32.dll!FindWindowW                                                                        776ECF04 5 Bytes  JMP 20C281D2 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[3892] ADVAPI32.dll!SetThreadToken                                                                   77AACA9F 5 Bytes  JMP 20C28FAE C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text           C:\Windows\System32\svchost.exe[3892] ADVAPI32.dll!ImpersonateNamedPipeClient                                                       77AE2331 5 Bytes  JMP 20C28DD5 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]                                                                 [8DF21100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                                  [8DF2090E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]                                                           [8DF1F06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]                                                             [8DF20AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                                            [8DF20AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                                [8DF21100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                                 [8DF2090E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                                          [8DF1F06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                                             [8DF20AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                                           [8DF1F06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                                 [8DF21100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                                  [8DF2090E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter]                                                                     [8DF2090E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol]                                                                [8DF20AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter]                                                                    [8DF21100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol]                                                              [8DF1F06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Alwil Software\Avast5\AvastUI.exe[492] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]              [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\wininit.exe[496] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                 [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\services.exe[596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\lsass.exe[604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                   [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\lsm.exe[612] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                     [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                 [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\nvvsvc.exe[792] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[832] @ C:\Windows\system32\user32.dll [KERNEL32.dll!LoadLibraryExW]                                 [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                 [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[960] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                 [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[984] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                 [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[1032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Users\xxx\Desktop\yq5nekqp.exe[1064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[1148] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe[1204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]        [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[1252] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1340] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\wuauclt.exe[1584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe[1732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]             [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe[1884] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]             [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\Common Files\Java\Java Update\jusched.exe[1908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]     [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\ctfmon.exe[2088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                 [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\spoolsv.exe[2672] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[2704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\taskhost.exe[2840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\lxbkcoms.exe[2940] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                               [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[3152] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[3588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\system32\wbem\wmiprvse.exe[3852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                          [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT             C:\Windows\System32\svchost.exe[3892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                [20C282D4] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004e                                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

25.11.2010, 23:32   #8
rea
/// Helper team
 



There's quite a lot going on on your machine. Please first read the backdoor warning in the link (posted here by Swisstreasure):
Backdoor warning

If you still want to try a cleanup, work through the following instructions in order:



1.) Uninstall software

Please uninstall the Ask Toolbar (or FoxitToolbar), as well as all other toolbars if you don't need them. The Ask Toolbar is adware.





2.) Fixing with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the contents of the following code box into the Custom Scans/Fixes text box.

    Remember to change the xxx back to your user name!

    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\xxx\AppData\Local\Temp\adxapie.sys -- (adxapie)
    DRV - [2009.10.20 10:27:02 | 000,144,896 | ---- | M] (GMX GmbH) [File_System | System | Running] -- C:\Windows\System32\drivers\uigxrdr.SYS -- (uigxrdr)
    O33 - MountPoints2\{32356822-3e76-11df-81c3-001c253bb8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{32356822-3e76-11df-81c3-001c253bb8b4}\Shell\AutoRun\command - "" = H:\INSTALLER.EXE -- File not found
    O33 - MountPoints2\{3faef1b9-ac6b-11df-819c-001c253bb8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{3faef1b9-ac6b-11df-819c-001c253bb8b4}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{3faef1dc-ac6b-11df-819c-001c253bb8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{3faef1dc-ac6b-11df-819c-001c253bb8b4}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{7c072442-76f5-11df-82ab-001c253bb8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{7c072442-76f5-11df-82ab-001c253bb8b4}\Shell\AutoRun\command - "" = F:\LxSetup.exe -- File not found
    O33 - MountPoints2\{8594e23f-f323-11df-b2f3-001c253bb8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{8594e23f-f323-11df-b2f3-001c253bb8b4}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
    O33 - MountPoints2\{a2b7ef7d-91ba-11df-b7cd-001c253bb8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{a2b7ef7d-91ba-11df-b7cd-001c253bb8b4}\Shell\AutoRun\command - "" = F:\Welcome.exe -- File not found
    O33 - MountPoints2\{d13da850-40a0-11df-92cc-001c253bb8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{d13da850-40a0-11df-92cc-001c253bb8b4}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
    O33 - MountPoints2\{fa653584-e98f-11df-8c18-001c253bb8b4}\Shell\AutoRun\command - "" = E:\fscommand\LS_Start_Launch.cmd -- File not found
    O33 - MountPoints2\{fa653584-e98f-11df-8c18-001c253bb8b4}\Shell\Launcher\command - "" = E:\fscommand\LS_Start_Launch.cmd -- File not found
    [2009.07.13 21:46:42 | 001,169,224 | -H-- | C] (Microsoft Corporation) -- C:\Users\xxx\AppData\Roaming\bot.exe
    [2009.07.13 21:46:42 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\xxx\AppData\Roaming\Torrant.exe
    [2010.11.25 19:26:47 | 000,049,288 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\data.dat
    [2010.11.21 03:50:56 | 000,848,182 | -H-- | M] () -- C:\Users\xxx\AppData\Roaming\xxxlog.dat
    [2010.11.21 00:33:46 | 001,523,704 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Messeger.exe
    [2010.04.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GMX
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\xxx\AppData\Roaming\Torrant.exe"=-
    "C:\Users\xxx\AppData\Roaming\bot.exe"=-
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
             
  • Now please close all programs.
  • Now please click the Fix button.
  • Click on .
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document.
    Copy its contents into your thread here, in code tags.





3.) Check settings under Windows 7

Make sure that all folders, files and drives are shown on your system:
  • Start Windows Explorer (right-click on Start -> Explorer)
  • => Organize
  • => Folder and search options
  • => View
  • => Files and Folders
  • Change the following settings:
    • Remove the check mark from
      • Hide extensions for known file types
      • Hide protected operating system files
    • Set the check mark at
      • Always show menus
      • Show drive letters
      • Hide empty drives in the Computer folder
    • Under "Hidden files and folders", select
      • Show hidden files, folders, and drives





4) Have files checked at Virustotal

Visit Virustotal
Using the "Browse" button, select the following files one after the other
Code:
C:\Windows\bootstat.dat
C:\hiberfil.sys
C:\Users\xxx\AppData\Roaming\Microsoft\System\Services\msconfig.exe
         
(if still present) and click Send File. Post the results here.
__________________
Regards, rea

*Do you need help with a malware problem too?*

*TB donation account*


A clever saying could stand here.
Well .... could!
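The file entries in the OTL script in post #8 share a fixed line format. As an added example (not part of rea's post and not OTL's own logic), the following Python code parses such lines and applies a few triage heuristics that are assumptions of this example: an executable sitting directly in AppData\Roaming, a Microsoft company claim outside the system directories, an empty company field, the hidden attribute, and identical sizes among listed executables.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# First four lines are copied from the OTL script in the post; the last one
# is a constructed benign control.
SAMPLE = r"""
[2009.07.13 21:46:42 | 001,169,224 | -H-- | C] (Microsoft Corporation) -- C:\Users\xxx\AppData\Roaming\bot.exe
[2009.07.13 21:46:42 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\xxx\AppData\Roaming\Torrant.exe
[2010.11.21 00:33:46 | 001,523,704 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Messeger.exe
[2010.04.15 17:45:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GMX
[2010.11.20 10:00:00 | 000,123,456 | ---- | M] (Example Vendor) -- C:\Program Files\Example\tool.exe
"""

LINE = re.compile(
    r"^\[(?P<date>[\d.]+) (?P<time>[\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")

def parse(text):
    """Return one dict per well-formed file-listing line; other lines are skipped."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"].replace(",", ""))
            rows.append(row)
    return rows

def triage(rows):
    """Map path -> reasons. The heuristics are this example's assumptions, not OTL verdicts."""
    exes = [r for r in rows if r["path"].lower().endswith(".exe")]
    sizes = [r["size"] for r in exes]
    findings = {}
    for r in exes:
        reasons = []
        if basename(dirname(r["path"])).lower() == "roaming":
            reasons.append("executable directly in AppData\\Roaming")
            if (r["company"] or "").startswith("Microsoft"):
                reasons.append("claims Microsoft outside system directories")
            elif not r["company"]:
                reasons.append("empty company field")
        if "H" in r["attr"]:
            reasons.append("hidden attribute set")
        if sizes.count(r["size"]) > 1:
            reasons.append("same size as another listed executable")
        if reasons:
            findings[r["path"]] = reasons
    return findings
```

A hit from `triage` is only a reason to look closer, for example by submitting the file to Virustotal as in step 4.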

26.11.2010, 13:15   #9
spakz
 



Hello,

thank you very much for the reply. I will work through the instructions this evening or on Saturday.

You say there is "quite a lot going on" on my machine. What exactly does that mean? Is my computer hopelessly infected?

Did you notice several programs that are or could be malicious?

Of course I'd also like to learn from this and avoid something like it in the future.
It would be great if you could give me a few more details about my logs!

Many thanks

26.11.2010, 16:58   #10
rea
/// Helper team
 



Didn't you look at the link? The one to the backdoor warning, I mean? You have a trojan with backdoor functionality on your computer. Read that. Unfortunately I can't tell you exactly what your trojan has already done or will still do.

Quote:
is my computer hopelessly infected?
Yes, if you want to do important things such as online banking on the system. Then you had better format and reinstall.
No, if you mostly play games and watch films on it and are generally willing to accept the risk that I might overlook something or that something is hiding too well. We can of course gladly do a cleanup.

Changing passwords from a clean system is a must, though!
__________________
Regards, rea


26.11.2010, 19:04   #11
spakz
 



I had read the link...

I will reinstall my system. Is there anything I need to watch out for when doing so?

Otherwise, many thanks for your effort
Have a nice weekend
Kisses
spakz

26.11.2010, 20:29   #12
rea
/// Helper team
 



Oh man, nobody ever decides in favour of a cleanup
No, seriously now, it is certainly not a wrong decision

Here is a board-internal guide to reinstalling:
Reinstalling the system + hardening

A nice weekend to you too, and bye-bye (but without the kisses)!
__________________
Regards, rea

