GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-25 20:01:19
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path1Target1Lun0 Hitachi_ rev.GM2O
Running: l2xqv9oq.exe; Driver: C:\DOCUME~1\Dunio\USTAWI~1\Temp\fwaoiaod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB4E202F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB4E1A5CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB4E3958A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB4E20A80]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB4E20BB6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB4E1B1E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB4E3AE3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB4E3A7B2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB4E3B794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB4E3B99C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB4E1ADF2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB4E3C72A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB4E3C060]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB4E1FEC4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB4E3D0FC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB4E1B5A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB4E3CC6A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB4E39F72]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7545360, 0x3CDCE5, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB41E2300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8468300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Java\jre6\bin\jqs.exe[468] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[468] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[468] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[468] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[468] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[468] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[468] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre6\bin\jqs.exe[468] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[668] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[668] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[668] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[668] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[668] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[668] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[668] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[668] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[712] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[712] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[724] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[724] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[892] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[892] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[892] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[892] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[892] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[892] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[892] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\nvsvc32.exe[892] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1064] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1064] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1064] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1064] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1064] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1064] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1064] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1064] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1548] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1548] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1548] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1548] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1548] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1548] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1548] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1548] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] USER32.dll!DefDlgProcW + 56E 7E3742A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1872] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1872] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1872] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1872] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1872] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1872] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1872] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1872] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2356] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2356] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2356] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2356] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2356] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2356] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2356] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\RUNDLL32.EXE[2356] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2392] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2392] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2392] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2392] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2392] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2392] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2392] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2392] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browsers Protector\regmon32.exe[2404] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browsers Protector\regmon32.exe[2404] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browsers Protector\regmon32.exe[2404] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browsers Protector\regmon32.exe[2404] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browsers Protector\regmon32.exe[2404] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browsers Protector\regmon32.exe[2404] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browsers Protector\regmon32.exe[2404] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Browsers Protector\regmon32.exe[2404] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\V0415Mon.exe[2412] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\V0415Mon.exe[2412] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\V0415Mon.exe[2412] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\V0415Mon.exe[2412] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\V0415Mon.exe[2412] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\V0415Mon.exe[2412] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\V0415Mon.exe[2412] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\V0415Mon.exe[2412] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2468] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2468] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2468] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2468] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2468] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes 
JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2468] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2468] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2468] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0141B52A E:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 016CB6F5 E:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 016CB6D2 E:\Programy\Mozilla Firefox\xul.dll 
(Mozilla Foundation) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 016CB653 E:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\firefox.exe[2476] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\plugin-container.exe[2824] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\plugin-container.exe[2824] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\plugin-container.exe[2824] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program 
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\plugin-container.exe[2824] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\plugin-container.exe[2824] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\plugin-container.exe[2824] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\plugin-container.exe[2824] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\plugin-container.exe[2824] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1043BACC E:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation) .text E:\Programy\Mozilla Firefox\plugin-container.exe[2824] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text E:\Programy\Mozilla Firefox\plugin-container.exe[2824] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 1043C0F9 E:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\WINDOWS\System32\svchost.exe[3212] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3212] ntdll.dll!NtImpersonateClientOfPort 
7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3212] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3212] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3212] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3212] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3212] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[3212] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Documents and Settings\Dunio\Pulpit\l2xqv9oq.exe[3400] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Documents and Settings\Dunio\Pulpit\l2xqv9oq.exe[3400] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point 
Software Technologies) .text C:\Documents and Settings\Dunio\Pulpit\l2xqv9oq.exe[3400] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Documents and Settings\Dunio\Pulpit\l2xqv9oq.exe[3400] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Documents and Settings\Dunio\Pulpit\l2xqv9oq.exe[3400] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Documents and Settings\Dunio\Pulpit\l2xqv9oq.exe[3400] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Documents and Settings\Dunio\Pulpit\l2xqv9oq.exe[3400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\Documents and Settings\Dunio\Pulpit\l2xqv9oq.exe[3400] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[3828] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18} ? 
C:\WINDOWS\system32\svchost.exe[3828] C:\WINDOWS\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: urlmon.dllunknown module: VERSION.dll ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B4E253F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B4E2524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B4E25A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B4E239A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B4E239A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B4E253F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B4E2524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B4E25A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B4E253F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT 
\SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B4E239A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B4E25A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B4E2524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B4E25A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B4E2524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B4E253F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B4E239A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B4E253F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B4E2524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B4E25A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B4E253F6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm 
Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B4E239A6] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B4E25A3E] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B4E2524C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Java\jre6\bin\jqs.exe[468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\winlogon.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\nvsvc32.exe[892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 
[20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[1000] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[1100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\System32\svchost.exe[1112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[1336] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\Explorer.EXE[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program 
Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10003E90] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10004380] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [10004340] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [100020F0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [10009EF0] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll (TrueVector Service/Check Point Software Technologies LTD) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [7C8840D8] C:\WINDOWS\system32\kernel32.dll 
(Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] [7C8840CE] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] [7C8840D3] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8840C9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8840C9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1816] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!CreateThread] [7C8840D8] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\system32\spoolsv.exe[1872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\RUNDLL32.EXE[2356] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser 
Security/Check Point Software Technologies) IAT C:\Program Files\Browsers Protector\regmon32.exe[2404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\V0415Mon.exe[2412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\ctfmon.exe[2468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT E:\Programy\Mozilla Firefox\firefox.exe[2476] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT E:\Programy\Mozilla Firefox\plugin-container.exe[2824] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\System32\svchost.exe[3212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\Documents and Settings\Dunio\Pulpit\l2xqv9oq.exe[3400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20CB835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtTerminateProcess] 68EC8B55 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtRaiseHardError] 
[00915258] C:\WINDOWS\system32\smss.exe (Menedżer sesji Windows NT/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlInitUnicodeString] E80C75FF IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlAdjustPrivilege] 000003BA IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlFreeHeap] 1E75C085 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlUpcaseUnicodeChar] 91526868 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlUnicodeStringToInteger] 0C75FF00 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlAllocateHeap] 0003A9E8 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlFreeUnicodeString] 75C08500 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!DbgPrintEx] [10458B0D] C:\WINDOWS\system32\Macromed\Flash\Flash10u.ocx (Adobe Flash Player 10.3 r181/Adobe Systems, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlExtendedIntegerMultiply] B8002083 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtQueryVolumeInformationFile] 80004002 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtOpenFile] 458B14EB IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtClose] [104D8B08] C:\WINDOWS\system32\Macromed\Flash\Flash10u.ocx (Adobe Flash Player 10.3 r181/Adobe Systems, Inc.) 
IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!wcslen] C9330189 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!wcscpy] 4104C083 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtQueryInformationProcess] 08C10FF0 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtCreatePagingFile] C25DC033 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtSetInformationFile] 448B000C IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtQueryInformationFile] 488D0424 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!DbgPrint] 40C03304 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtQuerySystemInformation] 01C10FF0 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!_allmul] 0004C240 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtSetSecurityObject] 24748B56 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlSetOwnerSecurityDescriptor] 468D5708 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor] FFCF8304 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlAddAccessAllowedAce] 38C10FF0 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlCreateAcl] 8509754F IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlCreateSecurityDescriptor] E80574F6 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlAllocateAndInitializeSid] 00000184 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlDosPathNameToNtPathName_U] 5E5FC78B IAT C:\WINDOWS\system32\svchost.exe[3828] @ 
C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlExpandEnvironmentStrings_U] 550004C2 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtQueryValueKey] 8B56EC8B IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!swprintf] FF570875 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtOpenKey] 15FF2076 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtSetValueKey] [00915144] C:\WINDOWS\system32\smss.exe (Mened¿er sesji Windows NT/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtCreateKey] 00448D59 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtCreateFile] 2FE6E840 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtReadFile] FC8B0000 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!_chkstk] 682076FF IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!wcsstr] [009151E0] C:\WINDOWS\system32\smss.exe (Mened¿er sesji Windows NT/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!_wcsupr] 4015FF57 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtMakeTemporaryObject] 83009151 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtCreateSymbolicLinkObject] 448D0CC4 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtOpenDirectoryObject] FF500200 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!wcsncpy] 9151AC15 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlAnsiStringToUnicodeString] 85F08B00 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlInitAnsiString] 570A74F6 IAT 
C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!_stricmp] 3C15FF56 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtCreateSection] 59009151 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!LdrVerifyImageMatchesChecksum] 18458B59 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtCreateDirectoryObject] C0333089 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlSetEnvironmentVariable] 5FF8658D IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!LdrUnloadDll] 14C25D5E IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!LdrGetProcedureAddress] 08668300 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlInitString] 1C4E8300 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!LdrLoadDll] 204E83FF IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlCompareUnicodeString] 384689FF IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlEqualString] 0424448B IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!memmove] 8D344689 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!_wcsicmp] C7502C46 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlCreateUnicodeString] 91521806 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlDosSearchPath_U] 0C46C700 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlQueryEnvironmentVariable_U] [00915224] C:\WINDOWS\system32\smss.exe (Mened¿er sesji Windows NT/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlEqualUnicodeString] 301046C7 IAT 
C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlAppendUnicodeToString] C7009152 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlAppendUnicodeStringToString] 523C1446 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtWaitForSingleObject] 46C70091 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtResumeThread] 91524818 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlDestroyProcessParameters] 0446C700 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlCreateUserProcess] 00000001 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlCreateProcessParameters] 114B00C7 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlUnlockBootStatusData] 15FF0091 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlGetSetBootStatusData] [00915160] C:\WINDOWS\system32\smss.exe (Mened¿er sesji Windows NT/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlLockBootStatusData] 00010468 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtDisplayString] 30006800 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!sprintf] 00680000 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtDuplicateObject] 6A000010 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlLengthSid] 5C15FF00 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlGetAce] 83009150 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlPrefixUnicodeString] 89002866 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe 
[ntdll.dll!NtQuerySymbolicLinkObject] C68B2446 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtOpenSymbolicLinkObject] FF0004C2 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtQueryDirectoryObject] 91516815 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtRequestWaitReplyPort] 810BEB00 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlFindMessage] 91114B38 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtSetEvent] 8B087400 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtSetSystemInformation] C0850440 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtCreateEvent] 83C3F175 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlLeaveCriticalSection] 51C3D4C0 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlEnterCriticalSection] 0475C985 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!wcscat] C359C033 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!LdrQueryImageFileExecutionOptions] 81328B56 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtDelayExecution] 000001FE IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtInitializeRegistry] 81227480 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlQueryRegistryValues] 000004FE IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtDeleteValueKey] 8D747580 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlCreateEnvironment] 50042444 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlCreateUserThread] 00010468 IAT 
C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtCreatePort] [10006800] C:\WINDOWS\system32\Macromed\Flash\Flash10u.ocx (Adobe Flash Player 10.3 r181/Adobe Systems, Inc.) IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlInitializeCriticalSection] 71FF0000 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtSetInformationProcess] 5815FF24 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlCreateTagHeap] EB009150 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtSetInformationThread] 107A8355 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtQueryInformationToken] 8B547601 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtOpenThreadToken] D68B1872 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtImpersonateClientOfPort] 8124512B IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtConnectPort] 001000FA IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtCompleteConnectPort] 8B447300 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtAcceptConnectPort] 8D570851 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtOpenProcess] EA83017A IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtReplyWaitReceivePort] 08798900 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlExitUserThread] 4A19745F IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtReplyPort] 744A0F74 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlSetThreadIsCritical] 40C03305 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe 
[ntdll.dll!NtWaitForMultipleObjects] 418B2BEB IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlSetProcessIsCritical] EB068934 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlUnicodeStringToAnsiString] 38498B1D IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtAdjustPrivilegesToken] 06EB0E89 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtOpenProcessToken] 040006C7 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlUnhandledExceptionFilter] 08810000 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlUnwind] 00010010 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!NtQueryVirtualMemory] 00C08881 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!DbgBreakPoint] 01000000 IAT C:\WINDOWS\system32\svchost.exe[3828] @ C:\WINDOWS\system32\smss.exe [ntdll.dll!RtlNormalizeProcessParams] C8830000 ---- Devices - GMER 1.0.15 ---- Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ---- Processes - GMER 1.0.15 ---- Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1548] 0x45670000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x2F 0x93 0x0C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x2F 0x93 0x0C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... ---- EOF - GMER 1.0.15 ----