DrWeb CureIT causes the system to reboot


Arkaine
31-01-2009, 01:23
Hello everyone,
I'm writing to get some guidance on the problem in the subject.
In short, during the big check-up I periodically run on the PC most exposed to threats (the download mule), this time starting the DrWeb scan causes an instant reboot of the system.
Since the last check I moved from XP+SP2 to XPwinlite+SP3, and I wonder whether that could be the problem, given that other programs are giving me trouble too (for example CorelSuite 12 and Roxio EMC).

All the other programs, listed below, detected absolutely nothing unusual:
- Avira Free (thorough scan *.* + rootkit)
- Spybot S&D
- A-Squared
- PrevX CSI
- F-Secure online
- ESET
- Gmer
- HijackThis

Compared to the past, I only skipped the Kaspersky online scan: it is very heavy on the system and, honestly, there are no grounds to suspect an infection!

In short: is the reboot caused by CureIT a semi-known problem, or could it be a sign of a particularly stubborn piece of malware?

PS: if necessary, I can of course attach the various logs

wjmat
31-01-2009, 09:00
hi

obviously we need all the logs

have you tried CureIT in safe mode?

bozzo
31-01-2009, 20:19
Hello everyone,
I'm writing to get some guidance on the problem in the subject.
In short, during the big check-up I periodically run on the PC most exposed to threats (the download mule), this time starting the DrWeb scan causes an instant reboot of the system.



it does the same thing to me, what could it be?

Arkaine
08-02-2009, 17:48
Sorry for the late reply, but I've been away from home :p

So, in safe mode CureIT works normally and (full scan) detected absolutely nothing.

Could there be a malware not recognised by any of the programs listed that blocks the scan in normal mode :mbe:? Or, quite simply, and not that I'd mind, is the computer "clean" :cool:?

HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.54.21, on 30/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{770C0810-A562-4A31-971A-004B7CAD547A}: NameServer = 85.37.17.51,85.38.28.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{770C0810-A562-4A31-971A-004B7CAD547A}: NameServer = 85.37.17.51,85.38.28.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{770C0810-A562-4A31-971A-004B7CAD547A}: NameServer = 85.37.17.51,85.38.28.97
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe

--
End of file - 5532 bytes



GMER log
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-31 01:11:39
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF7F52906]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF99F7AF8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF7F51E66]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF7F524C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xF7F530D0]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF99EBB00]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xF7F51BC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF7F53DC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF7F52AEC]
SSDT FA03529C ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF7F52D3A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xF7F52EEA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF7F514F8]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF99EC388]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF99F7BF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF7F53A42]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF7F520AC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF7F526FA]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF99F7A74]
SSDT FA035288 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF7F5233C]
SSDT FA03528D ZwOpenThread
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF99EC3A8]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF99F7B46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF7F53496]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF7F51CDE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xF7F537FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF7F53BF0]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF99F7390]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xF7F53296]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF7F52046]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF7F52230]
SSDT FA035297 ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF7F51958]
SSDT FA035292 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text win32k.sys!EngAcquireSemaphore + 2642 BF808936 5 Bytes JMP 813954D0
.text win32k.sys!EngFreeUserMem + 5502 BF80EDED 5 Bytes JMP 81395430
.text win32k.sys!EngCreateBitmap + D973 BF8457BB 5 Bytes JMP 81395610
.text win32k.sys!EngMultiByteToWideChar + 2F22 BF852729 5 Bytes JMP 81395750
.text win32k.sys!EngStretchBlt + CCB6 BF86C8A2 5 Bytes JMP 81395570
.text win32k.sys!FONTOBJ_pxoGetXform + 1032F BF8C3127 5 Bytes JMP 813956B0
.text win32k.sys!EngFillPath + 3B8D BF8F0327 5 Bytes JMP 813957F0

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\Explorer.EXE[444] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[444] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[444] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[444] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[444] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[444] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\Explorer.EXE[444] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[444] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[444] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[444] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[444] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[756] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[756] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[756] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[756] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[756] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[756] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[756] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\winlogon.exe[756] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[756] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[800] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[800] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[800] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[800] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[800] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[800] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[800] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[800] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[800] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\services.exe[800] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[800] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[820] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[820] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[820] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[820] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\lsass.exe[820] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[820] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[968] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[968] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[968] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[968] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\svchost.exe[968] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[968] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1032] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1032] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1072] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1072] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1072] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1072] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1072] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1072] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1072] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1072] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1072] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1164] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1304] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1304] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1304] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1304] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1304] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1304] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1360] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1360] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1360] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1360] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1360] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1360] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1360] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1360] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1360] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\System32\alg.exe[1360] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1360] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1492] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1492] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1492] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1492] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1492] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[1492] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1492] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1492] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1492] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1492] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 00375810 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 00375740 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 003753D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 003716D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 00371550 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 00371860 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 00371230 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 003713C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 52, 88 ]
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 003750E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\COMODO\Firewall\cmdagent.exe[1668] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00375260 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Sandboxie\SbieSvc.exe[1816] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1932] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1932] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1932] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1932] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1932] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1932] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1932] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1932] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1932] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\wdfmgr.exe[1932] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1932] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 003D5810 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 003D5740 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 003D1860 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 003D1230 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 003D13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 58, 88 ]
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 003D53D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 003D16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 003D1550 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 003D50E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2072] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 003D5260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2080] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2080] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2080] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2080] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2080] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2080] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2080] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2080] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2080] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\ctfmon.exe[2080] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2080] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\D-Link AirPlus\AirPlus.exe[2120] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3912] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3912] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3912] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3912] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3912] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3912] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3912] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3912] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\WINDOWS\system32\wuauclt.exe[3912] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3912] USER32.dll!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3912] USER32.dll!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\gmer.exe[4032] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\gmer.exe[4032] USER32.DLL!EndTask 7E3DA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\gmer.exe[4032] USER32.DLL!mouse_event 7E3E673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\gmer.exe[4032] USER32.DLL!keybd_event 7E3E6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\gmer.exe[4032] GDI32.dll!BitBlt 77E46F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\gmer.exe[4032] GDI32.dll!CreateDCA 77E4B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\gmer.exe[4032] GDI32.dll!CreateDCW 77E4BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\gmer.exe[4032] GDI32.dll!CreateDCW + 3 77E4BE3B 2 Bytes [ 1B, 98 ]
.text C:\Programmi\gmer.exe[4032] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programmi\gmer.exe[4032] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F9887710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F9887770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F9887990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F9887950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F9887950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F9887770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F9887710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F9887990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F9887990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F9887950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F9887770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F9887710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F9887950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F9887990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F9887710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F9887770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F9887710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F9887770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F9887950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F9887990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F9887950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F9887770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F9887710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F9887950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F9887990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F9887710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F9887770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 81AC6520
Device \FileSystem\Fastfat \FatCdrom 81942570

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\Cdrom \Device\CdRom0 818FCCD8
Device \FileSystem\Rdbss \Device\FsWrap 817B7150
Device \Driver\Cdrom \Device\CdRom1 818FCCD8
Device \Driver\atapi \Device\Ide\IdePort0 818FCB70
Device \Driver\atapi \Device\Ide\IdePort1 818FCB70
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 818FCB70
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 818FCB70
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 818FCB70
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 818FCB70
Device \FileSystem\Srv \Device\LanmanServer 815B5AC0

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81893150
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81893150
Device \FileSystem\Npfs \Device\NamedPipe 818D2478
Device \FileSystem\Msfs \Device\Mailslot 819EC030
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 816BA8E0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 816BA8E0
Device \FileSystem\Fastfat \Fat 81942570

AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8190C8C0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8190C8C0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8190C8C0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8190C8C0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8190C8C0
Device \FileSystem\Cdfs \Cdfs 814DD3A8

---- Modules - GMER 1.0.14 ----

Module _________ F9954000-F996C000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%

---- EOF - GMER 1.0.14 ----

Chill-Out
08-02-2009, 20:58
@Arkaine

Both logs are clean; evidently it's a compatibility problem with other software, but honestly I wouldn't worry about it too much ;)

Arkaine
11-02-2009, 19:22
Thank you all for your opinions and suggestions ;)