|
|||||||
|
|
|
 |
|
|
Strumenti |
07-07-2008, 16:38
|
#1 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
EXCEPTION PROCESSING MANAGER
Cari ragazzi, da un paio di giorni con frequenza da crisi epilettica mi appare il seguente messaggio di errore:
Windows - Disco non presente Exception Processing Message c00000013 Parameters 75b1bf9c 4 75b1bf9c 75 b1bf9c Annulla Riprova Continua Premendo 4-5 volte "Continua", la finestra sparisce, per poi ricomparire dopo qualke decina di secondi. Penso proprio sia un virus o malware in generale...Cosa mi consigliate di fare? Grazie a tutti |
|
|
|
07-07-2008, 16:43
|
#2 |
|
Senior Member
Iscritto dal: Dec 2007
Città: Brianza
Messaggi: 14704
|
Ciao benvenuto nel pronto soccorso di HU.
Se nonostante l'errore riesci ad operare leggi le regole di sezione e poi segui la guida alla disinfezione per infetti ed esegui tutte le scansioni ed il caricamento dei relativi log nelle modalità e nell'ordine indicato. Ti rielenco brevemente le modalità di pubblicazione dei log Se i log o le immagini (.JPG) non superano i 24Kb allegali tramite il comodo comando Gestisci allegati nelle Opzioni aggiuntive. Clicca su Gestisci allegati → si aprirà una finestra → Click su Sfoglia → seleziona il file da caricare → Click su Carica → sotto allegati correnti vedrai il tuo log caricato → Chiudi la finestra Altrimenti caricali su [wikisend.com] o su [mediafire.com]. Una volta sul sito → clicca su sfoglia → seleziona il file da caricare → poi invia o upload → aspetta che venga caricato → copia tutto il contenuto a fianco della della riga "Forum link nel primo caso oppure sotto "Sharing URL" nel secondo e lo incolli nella risposta della discussione. Le immagini più grosse salvale in JPG, essendo più leggere, e caricale su fileqube.com che permette di visualizzarle direttamente online. Ricapitolando, dopo aver disabilitato il ripristino di sistema, fatto la pulizia dei file inutili con ATFCleaner e cancellato gli asd con ADS Scanner, vogliamo necessariamente in ordine (altrimenti dovrai comunque rifarli):
In questa maniera, tu avrai un pc già parzialmente ripulito, e noi le informazioni necessarie per i restanti interventi. Se invece non riesci nemmeno a partire comincia con un log di hijackthis che vediamo cosa ti "frulla" nel pc Ciao
__________________
fattoebloggato.com • Trattamento post disinfezione • Recupero dati, RAID e Partizioni • Guida UBCD4Win • Test RAM • Controllo Disco • TestDisk • Operazioni di emergenza • Live cd Linux • UBCD • Backup • Gestione ISO & immagini virtuali • Partizionare un disco • Sardu • ScreenRecording • |
|
|
|
|
07-07-2008, 19:53
|
#3 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
A-Squared
|
|
|
|
|
07-07-2008, 19:54
|
#4 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
F-Secure
|
|
|
|
|
07-07-2008, 19:55
|
#5 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
Eset
|
|
|
|
|
07-07-2008, 19:55
|
#6 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
Hijackthis
|
|
|
|
|
07-07-2008, 19:57
|
#7 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
Hijackthis!
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\a-squared Anti-Malware\a2service.exe C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\programmi\file comuni\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe C:\Programmi\McAfee\VirusScan\McShield.exe C:\Programmi\McAfee\MPF\MPFSrv.exe C:\Programmi\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programmi\McAfee.com\Agent\mcagent.exe C:\Programmi\SiteAdvisor\6261\SiteAdv.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe C:\Programmi\DAEMON Tools Pro\DTProAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe C:\Programmi\SiteAdvisor\6261\SAService.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WgaTray.exe C:\Programmi\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Windows Live\Messenger\usnsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\Giuseppe\Desktop\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {87E81469-F333-4DD4-8199-4F8005F641FE} - (no file) O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [mcagent_exe] C:\Programmi\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [SiteAdvisor] "C:\Programmi\SiteAdvisor\6261\SiteAdv.exe" O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmi\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: jkkKBtRl - jkkKBtRl.dll (file missing) O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmi\file comuni\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Programmi\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programmi\SiteAdvisor\6261\SAService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 11069 bytes Ultima modifica di Rael84 : 07-07-2008 alle 20:01. |
|
|
|
|
07-07-2008, 20:02
|
#8 |
|
Senior Member
Iscritto dal: Dec 2007
Città: Brianza
Messaggi: 14704
|
ti avevo già indicato le modalità di pubblicazione dei log....
riedita i tuoi post please  alcuni poi non ci sono...
__________________
fattoebloggato.com • Trattamento post disinfezione • Recupero dati, RAID e Partizioni • Guida UBCD4Win • Test RAM • Controllo Disco • TestDisk • Operazioni di emergenza • Live cd Linux • UBCD • Backup • Gestione ISO & immagini virtuali • Partizionare un disco • Sardu • ScreenRecording • |
|
|
|
|
07-07-2008, 20:05
|
#9 |
|
Senior Member
Iscritto dal: Dec 2007
Città: Brianza
Messaggi: 14704
|
ci sono tracce di vundo...
leggi qui [/url] la guida per la rimozione di Vundo e posta qui tutti i log richiesti secondo le modalità.
__________________
fattoebloggato.com • Trattamento post disinfezione • Recupero dati, RAID e Partizioni • Guida UBCD4Win • Test RAM • Controllo Disco • TestDisk • Operazioni di emergenza • Live cd Linux • UBCD • Backup • Gestione ISO & immagini virtuali • Partizionare un disco • Sardu • ScreenRecording • |
|
|
|
|
07-07-2008, 20:06
|
#10 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
GMER
SSDT sptd.sys ZwCreateKey [0xB9EBE0D0] SSDT sptd.sys ZwEnumerateKey [0xB9EC3FB2] SSDT sptd.sys ZwEnumerateValueKey [0xB9EC4340] SSDT sptd.sys ZwOpenKey [0xB9EBE0B0] SSDT sptd.sys ZwQueryKey [0xB9EC4418] SSDT sptd.sys ZwQueryValueKey [0xB9EC4298] SSDT sptd.sys ZwSetValueKey [0xB9EC44AA] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAD2139AA] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAD213958] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAD21396C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAD213A5B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAD213A87] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAD2139EA] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAD213B21] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAD213930] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAD213944] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAD2139BE] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAD213AC9] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAD213A71] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAD213B49] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAD213B35] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAD213996] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAD213982] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAD213A19] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAD213B0B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAD213A00] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAD2139D4] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Kernel code sections - GMER 1.0.14 ---- .text ntkrnlpa.exe!ZwYieldExecution 80503FC8 7 Bytes JMP AD2139D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtCreateFile 80577ED2 5 Bytes JMP AD2139AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0A7E 7 Bytes JMP AD2139EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B188C 5 Bytes JMP AD213A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6E52 7 Bytes JMP AD2139C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenProcess 805C9CFE 5 Bytes JMP AD213934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenThread 805C9F8A 5 Bytes JMP AD213948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtSetInformationProcess 805CC748 5 Bytes JMP AD213986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA1E 7 Bytes JMP AD213970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcess 805CFAD4 5 Bytes JMP AD21395C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetContextThread 805CFFF6 5 Bytes JMP AD21399A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1226 5 Bytes JMP AD213A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRestoreKey 8062050C 5 Bytes JMP AD213B39 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnloadKey 80620A8C 7 Bytes JMP AD213B0F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806212D2 7 Bytes JMP AD213ACD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRenameKey 80621B2A 7 Bytes JMP AD213A75 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwDeleteKey 80622594 7 Bytes JMP AD213A5F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622764 7 Bytes JMP AD213A8B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwReplaceKey 80623CE4 5 Bytes JMP AD213B4D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80623DFE 5 Bytes JMP AD213B25 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo. ? System32\Drivers\ayczhp9q.SYS Impossibile trovare il file specificato. ! .text USBPORT.SYS!DllUnload B97DA62C 5 Bytes JMP 89D74770 ---- User code sections - GMER 1.0.14 ---- .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00920000 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009200B3 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0092008E .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00920FB4 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00920073 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00920047 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009200E9 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00920F97 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00920115 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00920F86 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00920F61 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00920058 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0092001B .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 009200C4 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00920FDB .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0092002C .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00920104 .text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 00910022 .text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 00910044 .text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 00910FD1 .text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 00910011 .text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 00910F87 .text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 00910FA2 .text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00910000 .text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00910033 .text C:\WINDOWS\system32\services.exe[796] WS2_32.dll!socket 71A33B91 5 Bytes JMP 008F000A .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F30FEF .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F30F77 .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F3006C .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F30F9E .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F30051 .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F30FAF .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F30F35 .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F30F52 .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F30EF8 .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F30F09 .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F300A2 .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F30040 .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F30FDE .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F3007D .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F30025 .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F30014 .text C:\WINDOWS\system32\lsass.exe[816] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F30F24 .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 00F2002C .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 00F20F8A .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 00F20FE5 .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 00F20011 .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 00F20F9B .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 00F2003D .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00F20000 .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00F20FC0 .text C:\WINDOWS\system32\lsass.exe[816] WS2_32.dll!socket 71A33B91 5 Bytes JMP 00E30000 .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D30FEF .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D3006F .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D30F70 .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D30F8D .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D30F9E .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D30040 .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D30F5F .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D300A7 .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D30F3A .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D300D3 .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00D300EE .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00D30FB9 .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00D30FD4 .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00D3008A .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00D30025 .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00D3000A .text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00D300C2 .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 00D20025 .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 00D20065 .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 00D20FD4 .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 00D2000A .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 00D2004A .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 00D20FA8 .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00D20FEF .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00D20FB9 .text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!socket 71A33B91 5 Bytes JMP 00D00000 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A90FEF .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A90F70 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A90F81 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A90F92 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A9005B .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A90FAF .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A90F1F .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 7C801EEE 3 Bytes JMP 00A90F3A .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoA + 4 7C801EF2 1 Byte [ 84 ] .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A900AE .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A90093 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A900C9 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A90040 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A90000 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A90F55 .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A9001B .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A90FCA .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A90082 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 00A80FCA .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 00A80F9E .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 00A80FDB .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 00A80011 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 00A8005B .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 00A80040 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00A80000 .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00A80FB9 .text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!socket 71A33B91 5 Bytes JMP 00A60FEF .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02960000 .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02960F52 .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02960F6D .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02960F88 .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02960FAF .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02960FCA .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0296007F .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02960062 .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 029600A4 .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02960F0B .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02960EF0 .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02960051 .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0296001B .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 02960F37 .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02960FE5 .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02960036 .text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 02960F1C .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 0290002C .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 02900062 .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 0290001B .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 02900000 .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 02900FA5 .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 02900051 .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 02900FE5 .text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 02900FC0 .text C:\WINDOWS\System32\svchost.exe[1172] WS2_32.dll!socket 71A33B91 5 Bytes JMP 02500000 .text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenA 4331C865 5 Bytes JMP 024F000A .text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenW 4331CE99 5 Bytes JMP 024F0FEF .text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenUrlA 43320BCA 5 Bytes JMP 024F0025 .text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenUrlW 4336AEA1 5 Bytes JMP 024F0040 .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00970FEF .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0097005D .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00970F68 .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00970042 .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00970F83 .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00970F9E .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00970F21 .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00970F3C .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00970EDA .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00970EFF .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00970EC9 .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0097001B .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00970FD4 .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00970F4D .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0097000A .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00970FAF .text C:\WINDOWS\System32\svchost.exe[1236] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00970F10 .text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 00960FD1 .text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 00960F80 .text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 00960022 .text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 00960011 .text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 0096003D .text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 00960FA5 .text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00960000 .text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00960FC0 .text C:\WINDOWS\System32\svchost.exe[1236] WS2_32.dll!socket 71A33B91 5 Bytes JMP 00940000 .text c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe[1276] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe[1276] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C3C0 c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00710FEF .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00710F5C .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00710F81 .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0071005B .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00710040 .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0071001E .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00710F3F .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00710087 .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00710F1A .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007100B3 .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 007100CE .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0071002F .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00710FD4 .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0071006C .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00710FA8 .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00710FB9 .text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 007100A2 .text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 0070002F .text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 0070007D .text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 00700FD4 .text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 00700FEF .text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 0070006C .text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 0070005B .text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00700000 .text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00700040 .text C:\WINDOWS\System32\svchost.exe[1412] WS2_32.dll!socket 71A33B91 5 Bytes JMP 00980000 .text C:\WINDOWS\System32\svchost.exe[1412] WININET.dll!InternetOpenA 4331C865 5 Bytes JMP 00720000 .text C:\WINDOWS\System32\svchost.exe[1412] WININET.dll!InternetOpenW 4331CE99 5 Bytes JMP 0072001B .text C:\WINDOWS\System32\svchost.exe[1412] WININET.dll!InternetOpenUrlA 43320BCA 5 Bytes JMP 00720036 .text C:\WINDOWS\System32\svchost.exe[1412] WININET.dll!InternetOpenUrlW 4336AEA1 5 Bytes JMP 00720047 .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001CD0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001B10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 012DF6E0 C:\Programmi\SiteAdvisor\6261\saPlugin.dll .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001D90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!FindResourceA 7C80BE89 7 Bytes JMP 28001BA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001E00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001850 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!FindResourceExA 7C835F78 7 Bytes JMP 28001C30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] kernel32.dll!OutputDebugStringW 7C85A42D 5 Bytes JMP 28001E60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] ADVAPI32.dll!CryptDeriveKey 77F5A685 7 Bytes JMP 28001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 28001060 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, B0, CC, CC ] .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 280040C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] USER32.dll!CreateWindowExW 7E39FC25 5 Bytes JMP 28003850 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] USER32.dll!SetWindowRgn 7E39FFB2 7 Bytes JMP 280059A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] USER32.dll!LoadIconW 7E3A0894 5 Bytes JMP 280062B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] USER32.dll!LoadImageW 7E3A2CFE 5 Bytes JMP 280060C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] USER32.dll!CreateDialogParamW 7E3A7D4F 5 Bytes JMP 28005AC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] USER32.dll!SetWindowPlacement 7E3AD84C 5 Bytes JMP 28005860 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 28005CB0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] USER32.dll!TrackPopupMenuEx 7E3ECD28 5 Bytes JMP 280049A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] WS2_32.dll!send 71A3428A 5 Bytes JMP 2800A2C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 2800A0A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] WS2_32.dll!recv 71A3615A 5 Bytes JMP 28009F00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 2800A4A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 2800A6E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] SHELL32.dll!Shell_NotifyIconW 7CA31B92 5 Bytes JMP 28003000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] ole32.dll!CoInitializeEx 774CEF6B 5 Bytes JMP 28002110 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] ole32.dll!CoRegisterClassObject 774E8720 5 Bytes JMP 28002210 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] WININET.dll!InternetCloseHandle 4330DA59 5 Bytes JMP 28009110 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] WININET.dll!HttpOpenRequestA 43314341 5 Bytes JMP 28008DD0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] WININET.dll!InternetReadFile 4331ABB4 5 Bytes JMP 28008F60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[1824] WININET.dll!HttpSendRequestA 4331CD40 5 Bytes JMP 28009040 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0025000A .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0025009A .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250089 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250078 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00250FAF .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250FD1 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00250F52 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00250F6F .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 002500BC .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 002500AB .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00250EFE .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00250FC0 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0025001B .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00250F80 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0025003D .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0025002C .text C:\Programmi\Internet Explorer\iexplore.exe[1940] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00250F37 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 00330FD4 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 00330051 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 00330FE5 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 0033001B .text C:\Programmi\Internet Explorer\iexplore.exe[1940] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 00330040 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 00330F9E .text C:\Programmi\Internet Explorer\iexplore.exe[1940] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 0033000A .text C:\Programmi\Internet Explorer\iexplore.exe[1940] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00330FB9 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[1940] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 43791667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[1940] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 437915E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[1940] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4379162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[1940] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 43791574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[1940] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 437915AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[1940] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 437916A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[1940] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[1940] WININET.dll!InternetOpenA 4331C865 5 Bytes JMP 01480FEF .text C:\Programmi\Internet Explorer\iexplore.exe[1940] WININET.dll!InternetOpenW 4331CE99 5 Bytes JMP 0148000A .text C:\Programmi\Internet Explorer\iexplore.exe[1940] WININET.dll!InternetOpenUrlA 43320BCA 5 Bytes JMP 01480FD4 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] WININET.dll!InternetOpenUrlW 4336AEA1 5 Bytes JMP 01480FB9 .text C:\Programmi\Internet Explorer\iexplore.exe[1940] ws2_32.dll!socket 71A33B91 5 Bytes JMP 0222000A .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C90000 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C90F83 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C90F94 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C90FA5 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C90FB6 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C90047 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C90F4B .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C90F68 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C900D3 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C900AE .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C90F15 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C90058 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C9001B .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C90093 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C90036 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C90FE5 .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C90F30 .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 00C60FB9 .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 00C60F68 .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 00C60FCA .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 00C60FEF .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 00C60F83 .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 00C60F9E .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00C60000 .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00C6001B .text C:\WINDOWS\Explorer.EXE[2040] WININET.dll!InternetOpenA 4331C865 5 Bytes JMP 00C30FEF .text C:\WINDOWS\Explorer.EXE[2040] WININET.dll!InternetOpenW 4331CE99 5 Bytes JMP 00C30FDE .text C:\WINDOWS\Explorer.EXE[2040] WININET.dll!InternetOpenUrlA 43320BCA 5 Bytes JMP 00C30FCD .text C:\WINDOWS\Explorer.EXE[2040] WININET.dll!InternetOpenUrlW 4336AEA1 5 Bytes JMP 00C30FBC .text C:\WINDOWS\Explorer.EXE[2040] WS2_32.dll!socket 71A33B91 5 Bytes JMP 00C40000 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F77 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F88 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0062 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FAF .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FC0 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F5C .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A00A4 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F1F .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F30 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00C9 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0051 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A000A .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0087 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0036 .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A001B .text C:\WINDOWS\System32\svchost.exe[2432] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F4B .text C:\WINDOWS\System32\svchost.exe[2432] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 00280022 .text C:\WINDOWS\System32\svchost.exe[2432] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 00280F9B .text C:\WINDOWS\System32\svchost.exe[2432] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 00280FDB .text C:\WINDOWS\System32\svchost.exe[2432] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 00280011 .text C:\WINDOWS\System32\svchost.exe[2432] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 00280FAC .text C:\WINDOWS\System32\svchost.exe[2432] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 0028004E .text C:\WINDOWS\System32\svchost.exe[2432] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00280000 .text C:\WINDOWS\System32\svchost.exe[2432] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 0028003D .text C:\WINDOWS\System32\svchost.exe[2432] WS2_32.dll!socket 71A33B91 5 Bytes JMP 006D0FE5 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A0FEF .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008A0F21 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008A0F3C .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008A0F4D .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008A0F5E .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008A0000 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008A0F10 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008A004C .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008A0EE4 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008A0EF5 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008A0098 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008A0F79 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008A0FD4 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008A0031 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008A0F9E .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008A0FB9 .text C:\WINDOWS\System32\svchost.exe[2712] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008A0073 .text C:\WINDOWS\System32\svchost.exe[2712] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 0089002C .text C:\WINDOWS\System32\svchost.exe[2712] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 00890073 .text C:\WINDOWS\System32\svchost.exe[2712] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 0089001B .text C:\WINDOWS\System32\svchost.exe[2712] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 00890FEF .text C:\WINDOWS\System32\svchost.exe[2712] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 00890058 .text C:\WINDOWS\System32\svchost.exe[2712] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 00890047 .text C:\WINDOWS\System32\svchost.exe[2712] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00890000 .text C:\WINDOWS\System32\svchost.exe[2712] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00890FC0 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00250FEF .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0025005B .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250036 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250F68 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0025001B .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250F94 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00250F24 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00250F3F .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 002500A2 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00250087 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 002500B3 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00250F79 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00250000 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0025006C .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00250FAF .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00250FC0 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00250F13 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 00330FD4 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 0033006C .text C:\Programmi\Internet Explorer\iexplore.exe[2804] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 0033001B .text C:\Programmi\Internet Explorer\iexplore.exe[2804] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 0033000A .text C:\Programmi\Internet Explorer\iexplore.exe[2804] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 00330051 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 00330040 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00330FE5 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00330FB9 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[2804] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 43791667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[2804] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 437915E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[2804] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4379162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[2804] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 43791574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[2804] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 437915AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[2804] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 437916A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[2804] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[2804] WININET.dll!InternetOpenA 4331C865 5 Bytes JMP 01480FEF .text C:\Programmi\Internet Explorer\iexplore.exe[2804] WININET.dll!InternetOpenW 4331CE99 5 Bytes JMP 01480000 .text C:\Programmi\Internet Explorer\iexplore.exe[2804] WININET.dll!InternetOpenUrlA 43320BCA 5 Bytes JMP 01480FCA .text C:\Programmi\Internet Explorer\iexplore.exe[2804] WININET.dll!InternetOpenUrlW 4336AEA1 5 Bytes JMP 01480FAF .text C:\Programmi\Internet Explorer\iexplore.exe[2804] ws2_32.dll!socket 71A33B91 5 Bytes JMP 0189000A .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00250FE5 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0025009A .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250089 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250078 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00250FAF .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250040 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 002500C8 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00250F80 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00250F4D .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00250F5E .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00250101 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00250051 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00250FD4 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 002500AB .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00250025 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0025000A .text C:\Programmi\Internet Explorer\iexplore.exe[3632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00250F6F .text C:\Programmi\Internet Explorer\iexplore.exe[3632] ADVAPI32.dll!RegOpenKeyExW 77F46A78 5 Bytes JMP 00330FAF .text C:\Programmi\Internet Explorer\iexplore.exe[3632] ADVAPI32.dll!RegCreateKeyExW 77F47535 5 Bytes JMP 00330F72 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] ADVAPI32.dll!RegOpenKeyExA 77F4761B 5 Bytes JMP 00330FCA .text C:\Programmi\Internet Explorer\iexplore.exe[3632] ADVAPI32.dll!RegOpenKeyW 77F4770F 5 Bytes JMP 00330FDB .text C:\Programmi\Internet Explorer\iexplore.exe[3632] ADVAPI32.dll!RegCreateKeyExA 77F4EAF4 5 Bytes JMP 00330039 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] ADVAPI32.dll!RegCreateKeyW 77F68F7D 5 Bytes JMP 00330F8D .text C:\Programmi\Internet Explorer\iexplore.exe[3632] ADVAPI32.dll!RegOpenKeyA 77F6C41B 5 Bytes JMP 00330000 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] ADVAPI32.dll!RegCreateKeyA 77F6D5BB 5 Bytes JMP 00330F9E .text C:\Programmi\Internet Explorer\iexplore.exe[3632] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[3632] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 43791667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[3632] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 437915E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[3632] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 4379162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[3632] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 43791574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[3632] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 437915AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[3632] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 437916A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[3632] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programmi\Internet Explorer\iexplore.exe[3632] WININET.dll!InternetOpenA 4331C865 5 Bytes JMP 01480FE5 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] WININET.dll!InternetOpenW 4331CE99 5 Bytes JMP 01480FD4 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] WININET.dll!InternetOpenUrlA 43320BCA 5 Bytes JMP 0148000A .text C:\Programmi\Internet Explorer\iexplore.exe[3632] WININET.dll!InternetOpenUrlW 4336AEA1 5 Bytes JMP 01480FB9 .text C:\Programmi\Internet Explorer\iexplore.exe[3632] ws2_32.dll!socket 71A33B91 5 Bytes JMP 01890FE5 ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EBEAD4] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EBEC1A] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EBEB9C] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EBF748] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EBF61E] sptd.sys IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9ED429A] sptd.sys ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 89DDA1E8 AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\NetBT \Device\NetBT_Tcpip_{BDD40D01-9DF1-4F4B-A809-FFA1BDA342F7} 8955E1E8 Device \Driver\usbuhci \Device\USBPDO-0 89D72790 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E4E1E8 Device \Driver\dmio \Device\DmControl\DmConfig 89E4E1E8 Device \Driver\dmio \Device\DmControl\DmPnP 89E4E1E8 Device \Driver\dmio \Device\DmControl\DmInfo 89E4E1E8 Device \Driver\usbuhci \Device\USBPDO-1 89D72790 Device \Driver\usbuhci \Device\USBPDO-2 89D72790 Device \Driver\usbehci \Device\USBPDO-3 89CC2790 Device \Driver\usbuhci \Device\USBPDO-4 89D72790 AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\usbuhci \Device\USBPDO-5 89D72790 Device \Driver\PCI_NTPNP5946 \Device\00000049 sptd.sys Device \Driver\usbuhci \Device\USBPDO-6 89D72790 Device \Driver\Ftdisk \Device\HarddiskVolume1 89DDC1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{FFD11BFF-CDCC-43FC-AD9D-C05F98B2A13F} 8955E1E8 Device \Driver\usbehci \Device\USBPDO-7 89CC2790 Device \Driver\Ftdisk \Device\HarddiskVolume2 89DDC1E8 Device \Driver\Cdrom \Device\CdRom0 89D30790 Device \Driver\Cdrom \Device\CdRom1 89D30790 Device \Driver\atapi \Device\Ide\IdePort0 89DDB1E8 Device \Driver\atapi \Device\Ide\IdePort1 89DDB1E8 Device \Driver\atapi \Device\Ide\IdePort2 89DDB1E8 Device \Driver\atapi \Device\Ide\IdePort3 89DDB1E8 Device \Driver\atapi \Device\Ide\IdePort4 89DDB1E8 Device \Driver\atapi \Device\Ide\IdePort5 89DDB1E8 Device \Driver\atapi \Device\Ide\IdePort6 89DDB1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-35 89DDB1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2d 89DDB1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 89DDB1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-1b 89DDB1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 89DDB1E8 Device \Driver\Cdrom \Device\CdRom2 89D30790 Device \Driver\Cdrom \Device\CdRom3 89D30790 Device \Driver\Cdrom \Device\CdRom4 89D30790 Device \Driver\NetBT \Device\NetBT_Tcpip_{5AE0035E-F94A-4122-94F6-B78AEB985372} 8955E1E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8955E1E8 Device \Driver\PCI_NTPNP5946 \Device\0000004a sptd.sys Device \Driver\NetBT \Device\NetbiosSmb 8955E1E8 AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\usbuhci \Device\USBFDO-0 89D72790 Device \Driver\usbuhci \Device\USBFDO-1 89D72790 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 895191E8 Device \Driver\usbuhci \Device\USBFDO-2 89D72790 Device \FileSystem\MRxSmb \Device\LanmanRedirector 895191E8 Device \Driver\usbehci \Device\USBFDO-3 89CC2790 Device \Driver\Ftdisk \Device\FtControl 89DDC1E8 Device \Driver\usbuhci \Device\USBFDO-4 89D72790 Device \Driver\usbuhci \Device\USBFDO-5 89D72790 Device \Driver\usbuhci \Device\USBFDO-6 89D72790 Device \Driver\usbehci \Device\USBFDO-7 89CC2790 Device \Driver\ayczhp9q \Device\Scsi\ayczhp9q1 89D24790 Device \Driver\ayczhp9q \Device\Scsi\ayczhp9q1Port7Path0Target0Lun0 89D24790 Device \FileSystem\Cdfs \Cdfs 892D21E8 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programmi\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0x2F 0x18 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5C 0x9B 0xD3 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0x8B 0xC3 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x29 0x17 0x0F 0x5F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xA2 0x55 0x0F 0x6E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0xF8 0x96 0x8B 0xAD ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programmi\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0x2F 0x18 0x5D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5C 0x9B 0xD3 0xCB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0x8B 0xC3 0xA3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x29 0x17 0x0F 0x5F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xA2 0x55 0x0F 0x6E ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0xF8 0x96 0x8B 0xAD ... |
|
|
|
|
07-07-2008, 20:10
|
#11 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
Hijackthis
|
|
|
|
|
07-07-2008, 20:11
|
#12 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
Gli altri due programmi hanno dato esito negativo, nessun file o processo sospetto. Non mi hai scritto il link per la guida contro i vundo
|
|
|
|
|
07-07-2008, 20:31
|
#13 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
in piu adesso quando clicco sul disco locale D:, mi compare la schermata "
apri con.." |
|
|
|
|
07-07-2008, 20:31
|
#14 |
|
Senior Member
Iscritto dal: Dec 2007
Città: Brianza
Messaggi: 14704
|
__________________
fattoebloggato.com • Trattamento post disinfezione • Recupero dati, RAID e Partizioni • Guida UBCD4Win • Test RAM • Controllo Disco • TestDisk • Operazioni di emergenza • Live cd Linux • UBCD • Backup • Gestione ISO & immagini virtuali • Partizionare un disco • Sardu • ScreenRecording • |
|
|
|
|
07-07-2008, 20:37
|
#15 |
|
Member
Iscritto dal: Jun 2005
Messaggi: 171
|
il fatto ke mi esca "apri con..." quando clicco su D: è legato alla presenza di vundo?? cmq F-Secure mi sembra abbia eliminato i vundo...
|
|
|
|
|
07-07-2008, 21:04
|
#16 |
|
Senior Member
Iscritto dal: Dec 2007
Città: Brianza
Messaggi: 14704
|
dovrebbe essere un altro problema...
il log di hijackthis non è completo cureit vorremmo comunque vederlo, zippalo e caricalo prev non ha trovato nulla? aspettiamo il log di virtumondo, combofix e Superantispyware. x Superantispyware Lancialo e fagli fare l'aggiornamento automatico cliccando su "Download and install the Update Now" nella finestrella che si apre / oppure cliccando su "Check for Updates" una volta aperto Sotto Preference... -> Scanning control -> Configuralo come indicato qui -> Close Per scansionare clicca su Avanti -> A sinistra metti la spunta a tutti gli hard disk e partizioni, a destra seleziona Perform Complete Scan -> Avanti A fine scansione seleziona tutte le voci trovate e clicca su avanti per mettere tutto in quarantena. Il log lo recuperi dal programma -> Preferences... -> Statistics/Logs oppure più comodo Start -> Esegui -> Copia ed incolla il testo rosso %appdata%\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs (invio)
__________________
fattoebloggato.com • Trattamento post disinfezione • Recupero dati, RAID e Partizioni • Guida UBCD4Win • Test RAM • Controllo Disco • TestDisk • Operazioni di emergenza • Live cd Linux • UBCD • Backup • Gestione ISO & immagini virtuali • Partizionare un disco • Sardu • ScreenRecording • |
|
|
|
|
08-07-2008, 01:12
|
#17 | |
|
Senior Member
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27479
|
Quote:
http://www.hwupgrade.it/forum/showthread.php?t=1599603
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 19:04.
