GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-09-05 12:02:10 Windows 5.1.2600 Dodatek Service Pack 3 Running: gvm4twio.exe; Driver: C:\DOCUME~1\Alicja\USTAWI~1\Temp\uwtiyuoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA3CBCD2] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAA4EE534] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAA4E8782] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA3CBB8E] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAA4EECC0] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAA501EB4] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAA5022A2] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAA50B916] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAA4EEDF6] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAA4E9398] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAA3CC142] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA3CC06C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAA500DF0] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAA50993C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAA509B44] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAA4E8FAA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA3CBC68] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAA5041CE] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xAA503DF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA3CBD88] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAA3CC210] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAA50A208] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAA4EE0F4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA3CBD48] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAA4EE7DC] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAA4E975C] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xAA50AE12] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA3CBEC8] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAA502F0A] SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xAA502C86] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA3D8AFA] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C44 12 Bytes [C0, EC, 4E, AA, B4, 1E, 50, ...] PAGE ntkrnlpa.exe!ZwLoadDriver 80579588 7 Bytes JMP AA3D8AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1C60 5 Bytes JMP AA3D45B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ObInsertObject 805B8AD8 5 Bytes JMP AA3D5F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[668] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[668] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[668] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[668] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[668] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[668] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[668] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[668] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[884] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[884] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[884] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[884] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\winlogon.exe[884] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\Alicja\Pulpit\gvm4twio.exe[920] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\Alicja\Pulpit\gvm4twio.exe[920] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\Alicja\Pulpit\gvm4twio.exe[920] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\Alicja\Pulpit\gvm4twio.exe[920] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\Alicja\Pulpit\gvm4twio.exe[920] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\Alicja\Pulpit\gvm4twio.exe[920] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\Alicja\Pulpit\gvm4twio.exe[920] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Documents and Settings\Alicja\Pulpit\gvm4twio.exe[920] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[928] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[928] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[928] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[928] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\services.exe[928] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[940] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[940] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[940] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\lsass.exe[940] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1052] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1052] USER32.dll!DefDlgProcW + 56E 7E3742A8 5 Bytes JMP 20C79270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1196] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[1528] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[1528] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[1528] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[1528] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[1528] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[1528] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[1528] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[1528] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1648] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1648] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1648] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1648] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1648] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1648] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1648] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1648] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1872] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1872] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1872] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1872] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1872] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1872] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\Explorer.EXE[1872] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1964] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1964] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1964] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1964] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1964] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1964] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1964] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\spoolsv.exe[1964] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxtray.exe[2060] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxtray.exe[2060] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxtray.exe[2060] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxtray.exe[2060] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxtray.exe[2060] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxtray.exe[2060] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxtray.exe[2060] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxtray.exe[2060] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\hkcmd.exe[2068] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\hkcmd.exe[2068] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\hkcmd.exe[2068] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\hkcmd.exe[2068] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\hkcmd.exe[2068] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\hkcmd.exe[2068] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\hkcmd.exe[2068] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\hkcmd.exe[2068] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxpers.exe[2084] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxpers.exe[2084] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxpers.exe[2084] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxpers.exe[2084] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxpers.exe[2084] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxpers.exe[2084] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxpers.exe[2084] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxpers.exe[2084] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2108] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2108] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2108] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2108] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2108] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2108] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2108] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2108] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[2124] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[2124] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[2124] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[2124] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[2124] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[2124] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[2124] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\System32\alg.exe[2124] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxsrvc.exe[2140] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxsrvc.exe[2140] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxsrvc.exe[2140] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxsrvc.exe[2140] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxsrvc.exe[2140] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxsrvc.exe[2140] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxsrvc.exe[2140] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\igfxsrvc.exe[2140] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[2304] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[2304] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[2304] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[2304] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[2304] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[2304] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[2304] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Gadu-Gadu\gg.exe[2304] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2400] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2400] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2400] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2400] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2400] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2400] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2400] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2700] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2700] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2700] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2700] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2700] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2700] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2700] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2700] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3092] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3092] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3092] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3092] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3092] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 209B37DD C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3092] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3092] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3092] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\CheckPoint\ZAForceField\ForceField.exe[3092] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Opera\opera.exe[3524] ntdll.dll!NtAccessCheckByType 7C90CE70 5 Bytes JMP 20C78791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Opera\opera.exe[3524] ntdll.dll!NtImpersonateClientOfPort 7C90D3E0 5 Bytes JMP 20C78D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Opera\opera.exe[3524] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 20C789AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Opera\opera.exe[3524] kernel32.dll!OpenProcess 7C8309D1 5 Bytes JMP 20C7846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Opera\opera.exe[3524] ADVAPI32.dll!ImpersonateNamedPipeClient 77DC7416 5 Bytes JMP 20C78E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Opera\opera.exe[3524] ADVAPI32.dll!SetThreadToken 77DCF183 5 Bytes JMP 20C79036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Opera\opera.exe[3524] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 20C7828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) .text C:\Program Files\Opera\opera.exe[3524] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 20C7825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA4F3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA4F34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA4F3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA4F1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA4F1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA4F3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA4F34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA4F3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA4F3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA4F1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA4F3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA4F34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA4F3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA4F34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA4F3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA4F1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA4F3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA4F34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA4F3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA4F3672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA4F1C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA4F3CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA4F34C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\winlogon.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Documents and Settings\Alicja\Pulpit\gvm4twio.exe[920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\services.exe[928] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[928] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\WINDOWS\system32\services.exe[928] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\lsass.exe[940] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[1096] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[1164] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\System32\svchost.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[1316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\svchost.exe[1392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Program Files\Gadu-Gadu\gg.exe[1528] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[1648] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\Explorer.EXE[1872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[1964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\igfxtray.exe[2060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\hkcmd.exe[2068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\igfxpers.exe[2084] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2108] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\System32\alg.exe[2124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\igfxsrvc.exe[2140] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Program Files\Gadu-Gadu\gg.exe[2304] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\ctfmon.exe[2448] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) IAT C:\Program Files\Opera\opera.exe[3524] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C7835C] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software) Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) ---- EOF - GMER 1.0.15 ----